Arbitrary Code Execution Vulnerability in CS-Cart MultiVendor 4.16.1
CVE-2023-26688

Currently unrated

Key Information:

Vendor: CS-Cart
Status: Cs-cart Multivendor
Vendor: CVE Published:; 25 September 2024

What is CVE-2023-26688?

A Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 has been identified, allowing remote attackers to inject arbitrary scripts through the product_data parameter during the add or edit product process in the administration interface. This flaw poses a significant risk as it can enable unauthorized users to execute arbitrary code, potentially leading to further exploitation of the affected system.

References

https://www.cs-cart.com/multivendor.html

https://github.com/cybrops-io/CVEs/tree/main/CVE-2023-266...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 25, 2024
Vulnerability Reserved
Feb 27, 2023