CVE-2020-28456

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-28456

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28456.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-28456

Related

SNYK-PHP-SCARTCORE-1047609

Published

2020-12-15T16:15:15.883Z

Modified

2026-03-20T11:36:17.763429Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The package s-cart/core before 4.4 are vulnerable to Cross-site Scripting (XSS) via the admin panel.

References

Affected packages

Git / github.com/s-cart/core

Affected ranges

Type: GIT
Repo: https://github.com/s-cart/core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f4b2811293063a3a2bb497b2512d8a18bd202219

Type: GIT
Repo: https://github.com/s-cart/core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f4b2811293063a3a2bb497b2512d8a18bd202219

Affected versions

4.*

4.0.0

4.0.0-beta

4.0.1

4.0.1.1

4.0.1.2

4.0.1.3

4.0.1.4

4.0.1.5

4.1.0

4.1.0.1

4.1.0.2

4.1.0.3

4.1.0.4

4.1.0.5

4.1.1

4.2.0

4.2.1

4.2.1.1

4.2.1.2

4.2.1.3

4.2.1.4

4.2.1.5

4.2.2.0

4.2.2.1

4.2.2.2

4.3.0

4.3.0.1

4.3.1

4.3.1.1

4.3.1.2

4.3.2

4.3.2.0

4.4.0-beta

4.4.0.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28456.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "4.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "4.4"
            }
        ]
    }
]