Opensolution Quick.cart

10 CVEs affecting Opensolution Quick.cart. Latest disclosed: 2026-02-05. Critical: 1, High: 2.

Top CVEs affecting Opensolution Quick.cart
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2026-23796 | Critical | 9.8 | 2026-02-05 | Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour… |
| CVE-2025-67684 | High | 7.2 | 2026-01-22 | Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbi… |
| CVE-2020-35754 | High | 7.2 | 2021-01-28 | OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input… |
| CVE-2025-67683 | Medium | 6.1 | 2026-01-22 | Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript ex… |
| CVE-2026-23797 | Medium | 4.9 | 2026-02-05 | In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was n… |
| CVE-2025-10317 | | | 2025-10-30 | Quick.Cart is vulnerable to Cross-Site Request Forgery in product creation functionality. Malicious attacker can craft special website, which when visited by t… |
| CVE-2012-6430 | | | 2014-03-24 | Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote atta… |
| CVE-2012-6049 | | | 2012-11-27 | Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via (1) a long string or (2) invalid characters in a cookie, which reveals… |
| CVE-2009-4120 | | | 2009-12-01 | Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Cart 3.4 allow remote attackers to hijack the authentication of the administrator for reque… |
| CVE-2008-4140 | | | 2008-09-24 | Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query string. |