XSS in Qualiteam X-cart
CVE-2015-0950
Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.012 (63.8th percentile) — read the EPSS interpretation.
Affected products
- Qualiteam X-cart — versions 5.1.6, 5.1.7, 5.1.8
- N/a — versions n/a
Weakness classification (CWE)
References
- cret@cert.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
- cret@cert.org (US Government Resource, x_refsource_CERT-VN, Third Party Advisory, third-party-advisory)