cbcvebase.
CVE-2017-10886
published 2017-11-17

CVE-2017-10886: Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and…

PriorityP422medium5.4CVSS 3.0
AVNACLPRLUIRSCCLILAN
EPSS
0.54%
41.2th percentile
Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

Affected

44 ranges· showing 25
VendorProductVersion rangeFixed in
cs-cartcs-cart
cs-cartcs-cart
cs-cartcs-cart
cs-cartcs-cart
cs-cartcs-cart
cs-cartcs-cart
cs-cartcs-cart
cs-cartcs-cart
cs-cartcs-cart
cs-cartcs-cart
cs-cartcs-cart
cs-cartcs-cart
cs-cartcs-cart
cs-cartcs-cart
cs-cartcs-cart
cs-cartcs-cart
cs-cartcs-cart
cs-cartcs-cart
cs-cartcs-cart
cs-cartcs-cart
cs-cartcs-cart
cs-cartcs-cart_multivendor
cs-cartcs-cart_multivendor
cs-cartcs-cart_multivendor
cs-cartcs-cart_multivendor

CVSS provenance

nvdv3.05.4MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.