Description
Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References (4)
Core 4
Core References
Product x_refsource_misc
https://www.litecart.net/en/
Third Party Advisory x_refsource_misc
https://github.com/litecart/litecart
Patch, Third Party Advisory x_refsource_misc
https://github.com/litecart/litecart/commit/050fea86cc162f3da2f7824f586602125a0f6d63
Patch, Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN32625020/index.html
Scores
CVSS v3
6.1
EPSS
0.0090
EPSS Percentile
55.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
litecart/litecart
< 2.4.2
Published
Jul 11, 2022
Tracked Since
Feb 18, 2026