cbcvebase.

Frogman Office Inc Cs-Cart Japanese Edition vulnerabilities

4 known vulnerabilities affecting frogman_office_inc/cs-cart_japanese_edition.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2017-2138P4HIGHCVSS 8.8vv4.3.10 and earlier (excluding v2 and v3)2017-08-02
CVE-2017-2138 [HIGH] CWE-352 CVE-2017-2138: Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (exc Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors.
nvd
CVE-2017-2143P4MEDIUMCVSS 5.3v4.3.10-jp-1vv4.3.10-jp-1 and earlier2017-04-28
CVE-2017-2143 [MEDIUM] CWE-425 CVE-2017-2143: CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php.
nvd
CVE-2017-2139P4MEDIUMCVSS 5.3vv4.3.10 and earlier (excluding v2 and v3)2017-04-28
CVE-2017-2139 [MEDIUM] CWE-425 CVE-2017-2139: CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edi CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction to obtain customer information via orders.pre.php.
nvd
CVE-2017-10886P4MEDIUMCVSS 5.4vv4.3.10 and earlier (excluding v2 and v3)2017-11-17
CVE-2017-10886 [MEDIUM] CWE-79 CVE-2017-10886: Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
nvd
Frogman Office Inc Cs-Cart Japanese Edition vulnerabilities | cvebase