Browse all 4 CVE security advisories affecting cubecart. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CubeCart is an open-source e-commerce platform enabling businesses to create and manage online stores. Historically, it has been susceptible to various vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and authentication flaws. The platform's 4 recorded CVEs highlight these security concerns, with some incidents allowing attackers to execute arbitrary code or gain unauthorized administrative access. Despite these issues, CubeCart remains a popular choice for small to medium-sized online retailers seeking a cost-effective solution, though users must remain vigilant about applying security patches and following hardening guidelines to mitigate risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-59413 | CubeCart Unauthorized Newsletter Unsubscription via force_unsubscribe Parameter — v6CWE-862 | 6.5 | Medium | 2025-09-22 |
| CVE-2025-59412 | CubeCart Vulnerable to HTML Injection in Product Reviews Allows Malicious Links and Defacement — v6CWE-79 | 5.4 | Medium | 2025-09-22 |
| CVE-2025-59411 | CubeCart Stored/Reflected HTML Injection Vulnerability in Contact Enquiry — v6CWE-79 | 5.4 | Medium | 2025-09-22 |
| CVE-2025-59335 | CubeCart Session Not Invalidated After Password Change — v6CWE-613 | 7.1 | High | 2025-09-22 |
This page lists every published CVE security advisory associated with cubecart. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.