s-cart/s-cart

Vulnerability: Cross-site Scripting (XSS)
Severity: 4.7
Language: PHP
Registry: Packagist

Description

S-Cart is a free e-commerce website project for businesses, built on the Laravel framework. This package is vulnerable to stored cross-site scripting (XSS).

https://github.com/s-cart/s-cart https://s-cart.org/about.html

Steps To Reproduce

  1. Install https://github.com/s-cart/s-cart locally, or use https://demo.s-cart.org/ for a demo.
  2. When adding products to the cart, add crafted JS code.

POC

gdrive

Payload used: "><script>alert("test")</script>
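The payload opens with `">`, so it closes an attribute value and the enclosing tag before the script element begins. The following is an added example, not S-Cart code: it renders a stored value into an attribute with and without output encoding. The field name `note`, the markup and the function names are hypothetical.

```php
<?php
// Added illustration; not S-Cart code. Field name and markup are hypothetical.

// Value as it would sit in storage if the PoC payload were accepted unchanged.
$stored = '"><script>alert("test")</script>';

// Unsafe: the stored value is concatenated into an attribute with no encoding,
// so the leading "> ends the attribute and the <input> tag.
function render_unsafe(string $value): string
{
    return '<input type="text" name="note" value="' . $value . '">';
}

// Safe: encode for HTML at output time. ENT_QUOTES encodes both quote styles,
// so the value cannot close the attribute or start a new element.
function render_safe(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="note" value="' . $encoded . '">';
}

// Simple check for this demo: does the markup contain a raw <script opening?
function has_script_tag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

$rendered = [
    'unsafe' => render_unsafe($stored),
    'safe'   => render_safe($stored),
];

foreach ($rendered as $label => $html) {
    printf(
        "%-6s raw <script> present: %s\n       %s\n",
        $label,
        has_script_tag($html) ? 'yes' : 'no',
        $html
    );
}
```

In Laravel Blade templates, `{{ $value }}` applies this same HTML encoding, while `{!! $value !!}` emits the value unencoded.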
