N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-57407

GHSA ID

GHSA-46v4-5mc8-q2cf

EPSS Score

CWE

CWE-79

Published

9/23/2025

Updated

9/23/2025

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-57407

CVE-2025-57407: GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <=10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which could lead to session hijacking or other malicious actions.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-57407

GHSA ID

GHSA-46v4-5mc8-q2cf

EPSS Score

CWE

CWE-79

Published

9/23/2025

Updated

9/23/2025

KEV Status

Technology

PHP

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
s-cart/core	composer	<= 9.0.5
gp247/core	composer	< 1.1.24	1.1.24

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

* stor** *ross-sit* s*riptin* (XSS) vuln*r**ility in t** **min Lo* Vi*w*r o* S-**rt <=**.*.* *llows * r*mot* *ut**nti**t** *tt**k*r to inj**t *r*itr*ry w** s*ript or *TML vi* * *r**t** Us*r-***nt *****r. T** s*ript is *x**ut** in *n **ministr*tor's *

Reasoning

No *n*lysis *v*il**l*

N/A

Basic Information

Concerned about an active attack path?

CVE-2025-57407: GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI