Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by LiteCart
CVE-2022-27168 (GCVE-0-2022-27168)
Vulnerability from nvd – Published: 2022-07-11 00:40 – Updated: 2024-08-03 05:18
VLAI
Summary
Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.litecart.net/en/ | x_refsource_MISC |
| https://github.com/litecart/litecart | x_refsource_MISC |
| https://github.com/litecart/litecart/commit/050fe… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN32625020/index.html | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:39.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.litecart.net/en/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/litecart/litecart"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/litecart/litecart/commit/050fea86cc162f3da2f7824f586602125a0f6d63"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32625020/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LiteCart",
"vendor": "LiteCart",
"versions": [
{
"status": "affected",
"version": "versions prior to 2.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T00:40:19.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.litecart.net/en/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/litecart/litecart"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/litecart/litecart/commit/050fea86cc162f3da2f7824f586602125a0f6d63"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN32625020/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-27168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LiteCart",
"version": {
"version_data": [
{
"version_value": "versions prior to 2.4.2"
}
]
}
}
]
},
"vendor_name": "LiteCart"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.litecart.net/en/",
"refsource": "MISC",
"url": "https://www.litecart.net/en/"
},
{
"name": "https://github.com/litecart/litecart",
"refsource": "MISC",
"url": "https://github.com/litecart/litecart"
},
{
"name": "https://github.com/litecart/litecart/commit/050fea86cc162f3da2f7824f586602125a0f6d63",
"refsource": "MISC",
"url": "https://github.com/litecart/litecart/commit/050fea86cc162f3da2f7824f586602125a0f6d63"
},
{
"name": "https://jvn.jp/en/jp/JVN32625020/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN32625020/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-27168",
"datePublished": "2022-07-11T00:40:19.000Z",
"dateReserved": "2022-06-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:18:39.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9018 (GCVE-0-2020-9018)
Vulnerability from nvd – Published: 2020-02-25 17:13 – Updated: 2024-08-04 10:19
VLAI
Summary
LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://uploadboy.com/7njf43f167is/384/mp4 | x_refsource_MISC |
| https://cert.ikiu.ac.ir/public-files/pages/attach… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/5a8ed1c216e1a910e413535207563845.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LiteCart through 2.2.1 allows admin/?app=users\u0026doc=edit_user CSRF to add a user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-25T17:13:51.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/5a8ed1c216e1a910e413535207563845.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LiteCart through 2.2.1 allows admin/?app=users\u0026doc=edit_user CSRF to add a user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://uploadboy.com/7njf43f167is/384/mp4",
"refsource": "MISC",
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"name": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/5a8ed1c216e1a910e413535207563845.pdf",
"refsource": "MISC",
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/5a8ed1c216e1a910e413535207563845.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9018",
"datePublished": "2020-02-25T17:13:51.000Z",
"dateReserved": "2020-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:19.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9017 (GCVE-0-2020-9017)
Vulnerability from nvd – Published: 2020-02-25 16:58 – Updated: 2024-08-04 10:19
VLAI
Summary
LiteCart through 2.2.1 allows CSV injection via a customer's profile.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://uploadboy.com/7njf43f167is/384/mp4 | x_refsource_MISC |
| https://cert.ikiu.ac.ir/public-files/pages/attach… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/e8e09da3c5702511520810527af5b313.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LiteCart through 2.2.1 allows CSV injection via a customer\u0027s profile."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-25T16:58:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/e8e09da3c5702511520810527af5b313.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LiteCart through 2.2.1 allows CSV injection via a customer\u0027s profile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://uploadboy.com/7njf43f167is/384/mp4",
"refsource": "MISC",
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"name": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/e8e09da3c5702511520810527af5b313.pdf",
"refsource": "MISC",
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/e8e09da3c5702511520810527af5b313.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9017",
"datePublished": "2020-02-25T16:58:02.000Z",
"dateReserved": "2020-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:19.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12256 (GCVE-0-2018-12256)
Vulnerability from nvd – Published: 2018-08-16 20:00 – Updated: 2024-08-05 08:30
VLAI
Summary
admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/litecart/litecart/commit/23053… | x_refsource_CONFIRM |
| https://www.litecart.net/download | x_refsource_CONFIRM |
Date Public
2018-06-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/litecart/litecart/commit/2305368eb70a26cab34c772c9ae88787f4c3e669"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.litecart.net/download"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods\u0026doc=vqmods request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-16T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/litecart/litecart/commit/2305368eb70a26cab34c772c9ae88787f4c3e669"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.litecart.net/download"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods\u0026doc=vqmods request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/litecart/litecart/commit/2305368eb70a26cab34c772c9ae88787f4c3e669",
"refsource": "CONFIRM",
"url": "https://github.com/litecart/litecart/commit/2305368eb70a26cab34c772c9ae88787f4c3e669"
},
{
"name": "https://www.litecart.net/download",
"refsource": "CONFIRM",
"url": "https://www.litecart.net/download"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12256",
"datePublished": "2018-08-16T20:00:00.000Z",
"dateReserved": "2018-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10827 (GCVE-0-2018-10827)
Vulnerability from nvd – Published: 2018-05-09 04:00 – Updated: 2024-08-05 07:46
VLAI
Summary
LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/litecart/litecart/issues/119 | x_refsource_MISC |
Date Public
2018-05-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/litecart/litecart/issues/119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-11T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/litecart/litecart/issues/119"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/litecart/litecart/issues/119",
"refsource": "MISC",
"url": "https://github.com/litecart/litecart/issues/119"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10827",
"datePublished": "2018-05-09T04:00:00.000Z",
"dateReserved": "2018-05-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:46:47.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7183 (GCVE-0-2014-7183)
Vulnerability from nvd – Published: 2014-10-22 14:00 – Updated: 2024-08-06 12:40
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/128768/LiteC… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/533748/100… | mailing-listx_refsource_BUGTRAQ |
| https://www.netsparker.com/xss-vulnerabilities-in… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2015/Nov/84 | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/bid/70662 | vdb-entryx_refsource_BID |
Date Public
2014-09-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128768/LiteCart-1.1.2.1-Cross-Site-Scripting.html"
},
{
"name": "20141020 LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533748/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netsparker.com/xss-vulnerabilities-in-litecart/"
},
{
"name": "20151119 Re: LiteCart 1.3.2: Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Nov/84"
},
{
"name": "70662",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70662"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128768/LiteCart-1.1.2.1-Cross-Site-Scripting.html"
},
{
"name": "20141020 LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533748/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netsparker.com/xss-vulnerabilities-in-litecart/"
},
{
"name": "20151119 Re: LiteCart 1.3.2: Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Nov/84"
},
{
"name": "70662",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70662"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128768/LiteCart-1.1.2.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128768/LiteCart-1.1.2.1-Cross-Site-Scripting.html"
},
{
"name": "20141020 LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533748/100/0/threaded"
},
{
"name": "https://www.netsparker.com/xss-vulnerabilities-in-litecart/",
"refsource": "MISC",
"url": "https://www.netsparker.com/xss-vulnerabilities-in-litecart/"
},
{
"name": "20151119 Re: LiteCart 1.3.2: Multiple XSS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Nov/84"
},
{
"name": "70662",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70662"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7183",
"datePublished": "2014-10-22T14:00:00.000Z",
"dateReserved": "2014-09-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:40:19.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27168 (GCVE-0-2022-27168)
Vulnerability from cvelistv5 – Published: 2022-07-11 00:40 – Updated: 2024-08-03 05:18
VLAI
Summary
Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.litecart.net/en/ | x_refsource_MISC |
| https://github.com/litecart/litecart | x_refsource_MISC |
| https://github.com/litecart/litecart/commit/050fe… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN32625020/index.html | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:39.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.litecart.net/en/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/litecart/litecart"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/litecart/litecart/commit/050fea86cc162f3da2f7824f586602125a0f6d63"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32625020/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LiteCart",
"vendor": "LiteCart",
"versions": [
{
"status": "affected",
"version": "versions prior to 2.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T00:40:19.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.litecart.net/en/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/litecart/litecart"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/litecart/litecart/commit/050fea86cc162f3da2f7824f586602125a0f6d63"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN32625020/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-27168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LiteCart",
"version": {
"version_data": [
{
"version_value": "versions prior to 2.4.2"
}
]
}
}
]
},
"vendor_name": "LiteCart"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.litecart.net/en/",
"refsource": "MISC",
"url": "https://www.litecart.net/en/"
},
{
"name": "https://github.com/litecart/litecart",
"refsource": "MISC",
"url": "https://github.com/litecart/litecart"
},
{
"name": "https://github.com/litecart/litecart/commit/050fea86cc162f3da2f7824f586602125a0f6d63",
"refsource": "MISC",
"url": "https://github.com/litecart/litecart/commit/050fea86cc162f3da2f7824f586602125a0f6d63"
},
{
"name": "https://jvn.jp/en/jp/JVN32625020/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN32625020/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-27168",
"datePublished": "2022-07-11T00:40:19.000Z",
"dateReserved": "2022-06-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:18:39.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9018 (GCVE-0-2020-9018)
Vulnerability from cvelistv5 – Published: 2020-02-25 17:13 – Updated: 2024-08-04 10:19
VLAI
Summary
LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://uploadboy.com/7njf43f167is/384/mp4 | x_refsource_MISC |
| https://cert.ikiu.ac.ir/public-files/pages/attach… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/5a8ed1c216e1a910e413535207563845.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LiteCart through 2.2.1 allows admin/?app=users\u0026doc=edit_user CSRF to add a user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-25T17:13:51.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/5a8ed1c216e1a910e413535207563845.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LiteCart through 2.2.1 allows admin/?app=users\u0026doc=edit_user CSRF to add a user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://uploadboy.com/7njf43f167is/384/mp4",
"refsource": "MISC",
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"name": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/5a8ed1c216e1a910e413535207563845.pdf",
"refsource": "MISC",
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/5a8ed1c216e1a910e413535207563845.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9018",
"datePublished": "2020-02-25T17:13:51.000Z",
"dateReserved": "2020-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:19.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9017 (GCVE-0-2020-9017)
Vulnerability from cvelistv5 – Published: 2020-02-25 16:58 – Updated: 2024-08-04 10:19
VLAI
Summary
LiteCart through 2.2.1 allows CSV injection via a customer's profile.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://uploadboy.com/7njf43f167is/384/mp4 | x_refsource_MISC |
| https://cert.ikiu.ac.ir/public-files/pages/attach… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/e8e09da3c5702511520810527af5b313.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LiteCart through 2.2.1 allows CSV injection via a customer\u0027s profile."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-25T16:58:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/e8e09da3c5702511520810527af5b313.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LiteCart through 2.2.1 allows CSV injection via a customer\u0027s profile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://uploadboy.com/7njf43f167is/384/mp4",
"refsource": "MISC",
"url": "https://uploadboy.com/7njf43f167is/384/mp4"
},
{
"name": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/e8e09da3c5702511520810527af5b313.pdf",
"refsource": "MISC",
"url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/e8e09da3c5702511520810527af5b313.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9017",
"datePublished": "2020-02-25T16:58:02.000Z",
"dateReserved": "2020-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:19.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12256 (GCVE-0-2018-12256)
Vulnerability from cvelistv5 – Published: 2018-08-16 20:00 – Updated: 2024-08-05 08:30
VLAI
Summary
admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/litecart/litecart/commit/23053… | x_refsource_CONFIRM |
| https://www.litecart.net/download | x_refsource_CONFIRM |
Date Public
2018-06-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/litecart/litecart/commit/2305368eb70a26cab34c772c9ae88787f4c3e669"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.litecart.net/download"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods\u0026doc=vqmods request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-16T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/litecart/litecart/commit/2305368eb70a26cab34c772c9ae88787f4c3e669"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.litecart.net/download"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods\u0026doc=vqmods request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/litecart/litecart/commit/2305368eb70a26cab34c772c9ae88787f4c3e669",
"refsource": "CONFIRM",
"url": "https://github.com/litecart/litecart/commit/2305368eb70a26cab34c772c9ae88787f4c3e669"
},
{
"name": "https://www.litecart.net/download",
"refsource": "CONFIRM",
"url": "https://www.litecart.net/download"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12256",
"datePublished": "2018-08-16T20:00:00.000Z",
"dateReserved": "2018-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10827 (GCVE-0-2018-10827)
Vulnerability from cvelistv5 – Published: 2018-05-09 04:00 – Updated: 2024-08-05 07:46
VLAI
Summary
LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/litecart/litecart/issues/119 | x_refsource_MISC |
Date Public
2018-05-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/litecart/litecart/issues/119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-11T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/litecart/litecart/issues/119"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/litecart/litecart/issues/119",
"refsource": "MISC",
"url": "https://github.com/litecart/litecart/issues/119"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10827",
"datePublished": "2018-05-09T04:00:00.000Z",
"dateReserved": "2018-05-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:46:47.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7183 (GCVE-0-2014-7183)
Vulnerability from cvelistv5 – Published: 2014-10-22 14:00 – Updated: 2024-08-06 12:40
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/128768/LiteC… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/533748/100… | mailing-listx_refsource_BUGTRAQ |
| https://www.netsparker.com/xss-vulnerabilities-in… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2015/Nov/84 | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/bid/70662 | vdb-entryx_refsource_BID |
Date Public
2014-09-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128768/LiteCart-1.1.2.1-Cross-Site-Scripting.html"
},
{
"name": "20141020 LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533748/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netsparker.com/xss-vulnerabilities-in-litecart/"
},
{
"name": "20151119 Re: LiteCart 1.3.2: Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Nov/84"
},
{
"name": "70662",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70662"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128768/LiteCart-1.1.2.1-Cross-Site-Scripting.html"
},
{
"name": "20141020 LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533748/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netsparker.com/xss-vulnerabilities-in-litecart/"
},
{
"name": "20151119 Re: LiteCart 1.3.2: Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Nov/84"
},
{
"name": "70662",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70662"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128768/LiteCart-1.1.2.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128768/LiteCart-1.1.2.1-Cross-Site-Scripting.html"
},
{
"name": "20141020 LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533748/100/0/threaded"
},
{
"name": "https://www.netsparker.com/xss-vulnerabilities-in-litecart/",
"refsource": "MISC",
"url": "https://www.netsparker.com/xss-vulnerabilities-in-litecart/"
},
{
"name": "20151119 Re: LiteCart 1.3.2: Multiple XSS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Nov/84"
},
{
"name": "70662",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70662"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7183",
"datePublished": "2014-10-22T14:00:00.000Z",
"dateReserved": "2014-09-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:40:19.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}