Notified: February 03, 2015 Updated: April 02, 2015
Statement Date: February 26, 2015
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
X-Cart versions 5.1.6 through 5.1.10 are vulnerable to cross-site scripting (XSS), and versions 5.1.10 and below are vulnerable to authorization bypass through insecure direct object reference.