RSS   Podatności dla 'Hucart'   RSS

2021-08-26
 
CVE-2020-18475

CWE-79
 

 
Cross Site Scripting (XSS) vulnerabilty exists in Hucart CMS 5.7.4 is via the mes_title field. The first user inserts a malicious script into the header field of the outbox and sends it to other users. When other users open the email, the malicious code will be executed.

 
 
CVE-2020-18476

CWE-89
 

 
SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field.

 
 
CVE-2020-18477

CWE-89
 

 
SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field.

 
2021-07-30
 
CVE-2020-18158

CWE-79
 

 
Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php.

 
2019-01-13
 
CVE-2019-6249

CWE-352
 

 
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add.

 
2018-11-23
 
CVE-2018-19468

CWE-89
 

 
HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI.

 


Copyright 2024, cxsecurity.com

 

Back to Top