Cubecart V6
13 CVEs affecting Cubecart V6. Latest disclosed: 2026-05-13. Critical: 3, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-45714 | Critical | 9.1 | 2026-05-13 | CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of… |
| CVE-2026-45053 | Critical | 9.1 | 2026-05-13 | CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload vulnerability exists in the REST API File Manager endpoint (… |
| CVE-2026-44377 | Critical | 9.1 | 2026-05-13 | CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of… |
| CVE-2026-45055 | High | 8.1 | 2026-05-13 | CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x – 6.7.1 builds CC_STORE_URL directly from the Host request header at bootstrap, with… |
| CVE-2026-45708 | High | 7.2 | 2026-05-13 | CubeCart is an ecommerce software solution. Prior to 6.7.3, an admin with documents edit permission can save raw <?php … ?> into the Invoice Editor. The next t… |
| CVE-2026-39358 | High | 7.2 | 2026-05-13 | CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting paramet… |
| CVE-2025-59335 | High | 7.1 | 2025-09-22 | CubeCart is an ecommerce software solution. Prior to version 6.5.11, there is an absence of automatic session expiration following a user's password change. Th… |
| CVE-2025-59413 | Medium | 6.5 | 2025-09-22 | CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to uns… |
| CVE-2026-44376 | Medium | 6.1 | 2026-05-13 | CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the CubeCart v6.x search feature. Due to a… |
| CVE-2025-59412 | Medium | 5.4 | 2025-09-22 | CubeCart is an ecommerce software solution. Prior to version 6.5.11, a vulnerability exists in the product reviews feature where user-supplied input is not pro… |
| CVE-2025-59411 | Medium | 5.4 | 2025-09-22 | CubeCart is an ecommerce software solution. Prior to version 6.5.11, the contact form’s Enquiry field accepts raw HTML and that HTML is included verbatim in th… |
| CVE-2026-45054 | Medium | 4.9 | 2026-05-13 | CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page (admin.php?_g=orders&node=transactions) builds a raw ORD… |
| CVE-2026-39428 | Medium | 4.8 | 2026-05-13 | CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in CubeCart v6.x. An attacker with adminis… |