CNNVD-202509-3679 Information

CNNVD ID

CNNVD-202509-3679

Related CVE

CVE-2025-57407

• CNNVD Published: 2025-09-23

Description (Chinese)

s-cart是s-cart社区的一个基于Php的电子商务管理平台。 s-cart 10.0.3及之前版本存在安全漏洞，该漏洞源于User-Agent标头未充分验证，可能导致存储型跨站脚本攻击。

Description (English)

S-cart is a Php-based e-commerce management platform for the s-cart community. There is a security loophole in s-cart 10.3 and earlier versions, which stems from the fact that the User-Agent beacon is not sufficiently verified and may result in a storage-type cross-site script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

SafeDep

Published

2025-09-23

Last Modified

2026-02-24

References

https://github.com/gp247net/core/releases/tag/1.1.24 https://github.com/s-cart/core/blob/7c9aa42761be5fd0131c61dbe2b5323beb96d5dd/src/Admin/Controllers/AdminLogController.php