timint

CVE-2022-27168 WRITEUP MEDIUM WRITEUP

LiteCart < 2.4.2 - Cross-Site Scripting

Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.

CVSS 6.1

View Code

CVE-2018-12256 WRITEUP HIGH WRITEUP

LiteCart <2.1.3 - Authenticated RCE

admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request.

CVSS 8.8

View Code