Cross-site Scripting (XSS) - Generic in s-cart/core


Reported on

Nov 23rd 2020


s-cart is a free e-commerce website project for businesses, built on the Laravel framework. This package is vulnerable to Stored Cross-Site Scripting (XSS).

Steps To Reproduce:

  1. Install locally or use the demo.
  2. When adding products to the cart, add crafted JS code.


gdrive payload used = "><script>alert("test")</script>
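
The payload above begins with "> so that it closes an HTML attribute and its tag before the script element starts. The added example below (not code from s-cart or from this report; the field name and markup are assumptions) renders that stored value once unescaped and once through htmlspecialchars, the same escaping Laravel's Blade {{ }} syntax applies, and checks each result for a live script element.

```php
<?php
// Added example: the field name and markup are hypothetical, not taken from s-cart.

// Constructed sample: a stored cart value holding the payload quoted in the report.
$stored = '"><script>alert("test")</script>';

// Vulnerable pattern: the stored value is placed in an attribute without encoding.
function render_unsafe(string $value): string
{
    return '<input type="text" name="attr" value="' . $value . '">';
}

// Hardened pattern: encode for HTML at output time. ENT_QUOTES encodes both
// quote styles, so the value cannot close the attribute it is placed in.
function render_safe(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="attr" value="' . $encoded . '">';
}

// Parse the markup and report whether it contains a real <script> element.
function has_script_element(string $html): bool
{
    $previous = libxml_use_internal_errors(true); // malformed markup is expected
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $doc->getElementsByTagName('script')->length > 0;
}

$cases = [
    'unsafe' => render_unsafe($stored),
    'safe'   => render_safe($stored),
];

foreach ($cases as $label => $html) {
    $found = has_script_element($html) ? 'yes' : 'no';
    printf("%-6s script element present: %s\n  %s\n", $label, $found, $html);
}
```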
