CVE-2025-10317 MEDIUM

CVE-2025-10317: Multiple Cross-Site Request Forgery in Quick.Cart

Vendor Opensolution
Product Quick.Cart
Weakness CWE-352 · CSRF
Published October 30, 2025
Last update October 30, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

What the vulnerability does

01Description

Quick.Cart is vulnerable to Cross-Site Request Forgery in product creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious product with content defined by the attacker. This software does not implement any protection against this type of attack. All forms available in this software are potentially vulnerable. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

Key dates

02Disclosure timeline

October 30, 2025 CVE published
October 30, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-4082 Joli FAQ SEO – WordPress FAQ Plugin <= 1.3.2 - Cross-Site Request Forgery CVE-2024-49628 WordPress Most And Least Read Posts Widget plugin <= 2.5.18 - Cross Site Request Forgery (CSRF) vulnerability CVE-2026-8435 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file approveVersion() CVE-2025-6341 code-projects School Fees Payment System cross-site request forgery CVE-2025-65962 Tuleap has missing CSRF protections its in tracker field dependencies