Opensolution Quick.cart
10 CVEs affecting Opensolution Quick.cart. Latest disclosed: 2026-02-05. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-23796 | Critical | 9.8 | 2026-02-05 | Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour… |
CVE-2025-67684 | High | 7.2 | 2026-01-22 | Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbi… |
CVE-2020-35754 | High | 7.2 | 2021-01-28 | OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input… |
CVE-2025-67683 | Medium | 6.1 | 2026-01-22 | Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript ex… |
CVE-2026-23797 | Medium | 4.9 | 2026-02-05 | In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was n… |
CVE-2025-10317 | | 2025-10-30 | Quick.Cart is vulnerable to Cross-Site Request Forgery in product creation functionality. Malicious attacker can craft special website, which when visited by t… | |
CVE-2012-6430 | | 2014-03-24 | Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote atta… | |
CVE-2012-6049 | | 2012-11-27 | Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via (1) a long string or (2) invalid characters in a cookie, which reveals… | |
CVE-2009-4120 | | 2009-12-01 | Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Cart 3.4 allow remote attackers to hijack the authentication of the administrator for reque… | |
CVE-2008-4140 | | 2008-09-24 | Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query string. |