SnykCVELIST:CVE-2022-21149CVE-2022-21149 Cross-site Scripting (XSS)
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
19.6%
The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user’s account through the stolen cookie.
CNA Affected
[
{
"product": "s-cart/s-cart",
"vendor": "n/a",
"versions": [
{
"lessThan": "6.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "s-cart/core",
"vendor": "n/a",
"versions": [
{
"lessThan": "6.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
19.6%