Cross-site Scripting (XSS) - Generic in s-cart/core
Nov 23rd 2020
s-cart is a free e-commerce website project for businesses, built on the Laravel framework. This package is vulnerable to
stored cross-site scripting (XSS).
Steps to reproduce:
- Install https://github.com/s-cart/s-cart locally, or use https://demo.s-cart.org/ for a demo.
- When adding products to the cart, add crafted JavaScript code.
gdrive payload used = "><script>alert("test")</script>
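
The payload above starts with "> so that it closes an HTML attribute before opening a script tag. The following is an added example, not s-cart code, showing that output pattern next to the encoded form a Laravel view should use; the "item" field and the markup are hypothetical, since the report does not say which cart field is affected.

```php
<?php
// Added illustration, not s-cart code. The "item" field and this markup are
// hypothetical; the report does not name the affected field or template.

// Value as it would come back from storage (the payload quoted in the report).
$stored = '"><script>alert("test")</script>';

// Vulnerable pattern: stored text concatenated into an attribute unescaped.
// In a Blade template this corresponds to {!! $value !!}.
function renderUnsafe(string $value): string
{
    return '<input type="text" name="item" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML context at output time.
// Blade's {{ $value }} does this through e(), which wraps htmlspecialchars().
function renderSafe(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="item" value="' . $encoded . '">';
}

// Regression check for a view test: the rendered fragment must still be a
// single <input> element, so exactly one "<" and one ">" may appear.
function staysInsideAttribute(string $html): bool
{
    return substr_count($html, '<') === 1 && substr_count($html, '>') === 1;
}

$unsafe = renderUnsafe($stored);
$safe   = renderSafe($stored);

echo $unsafe, PHP_EOL;   // attribute is closed early and a script element follows
echo $safe, PHP_EOL;     // quotes and angle brackets appear only as entities
var_dump(staysInsideAttribute($unsafe));
var_dump(staysInsideAttribute($safe));
```

Encoding at output time protects every view that renders the stored value, including values that were saved before any input filtering was added.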