cvedb.io
CVE-2022-21149
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2022-05-01T16:15:08.020 · Last modified 2026-06-17T04:25:37.297

Summary

The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the stolen cookie.

Affected products

s-cart — s-cart

Does this affect you?

Add your gear to cvedb and we'll alert you only when s-cart ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.