XSS in Qualiteam X-Cart

CVE-2015-0950

Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.012 (63.8th percentile)

Affected products

Weakness classification (CWE)

References

  • cret@cert.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
  • cret@cert.org (US Government Resource, x_refsource_CERT-VN, Third Party Advisory, third-party-advisory)