CNNVD-202509-3554 Information
Sep 22, 2025
cve
CNNVD ID
CNNVD-202509-3554
Related CVE
- CNNVD Published: 2025-09-22
Description (Chinese)
CubeCart是CubeCart开源的一个电子商务软件。 CubeCart 6.5.11之前版本存在安全漏洞,该漏洞源于未对Enquiry字段的用户输入进行清理和转义,可能导致跨站脚本攻击或HTML注入。
Description (English)
CubeCart is an e-commerce software source for CubeCart. The previous version of CubeCart 6.5.11 had a security loophole, which stemmed from the failure to clean up and convert user input from Enquiry fields, which could result in a cross-site script attack or HTML injection.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Cudy Technology
Published
2025-09-22
Last Modified
2026-02-24
References
https://github.com/cubecart/v6/commit/299065bd4a8836782ce92f70988c730f130756db https://github.com/cubecart/v6/commit/48336c54532705873a8c4106208c2d596f128047 https://github.com/cubecart/v6/security/advisories/GHSA-5hg3-m3q3-v2p4