CVE-2017-10886

Name: CVE-2017-10886
Creator: NVD / NIST
Published: 2017-11-17T14:29:00.247+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.54%

Last modified Jun 17, 2026

CVE-2017-10886 is a vulnerability of currently unknown severity. Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.. EPSS estimates a 0.54% chance of exploitation in the next 30 days.

Description

Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

Metrics

EPSS Probability

0.54%

41.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Cs-Cart	Cs-Cart	4.0.1
Cs-Cart	Cs-Cart	4.0.2
Cs-Cart	Cs-Cart	4.0.3
Cs-Cart	Cs-Cart	4.1.1
Cs-Cart	Cs-Cart	4.1.2
Cs-Cart	Cs-Cart	4.1.3
Cs-Cart	Cs-Cart	4.1.4
Cs-Cart	Cs-Cart	4.2.1
Cs-Cart	Cs-Cart	4.2.2
Cs-Cart	Cs-Cart	4.2.3
Cs-Cart	Cs-Cart	4.2.4
Cs-Cart	Cs-Cart	4.3.1
Cs-Cart	Cs-Cart	4.3.2
Cs-Cart	Cs-Cart	4.3.3
Cs-Cart	Cs-Cart	4.3.4
Cs-Cart	Cs-Cart	4.3.5
Cs-Cart	Cs-Cart	4.3.6
Cs-Cart	Cs-Cart	4.3.7
Cs-Cart	Cs-Cart	4.3.8
Cs-Cart	Cs-Cart	4.3.9
Cs-Cart	Cs-Cart	4.3.10
Cs-Cart	Cs-Cart Multivendor	4.0.1
Cs-Cart	Cs-Cart Multivendor	4.0.2
Cs-Cart	Cs-Cart Multivendor	4.0.3
Cs-Cart	Cs-Cart Multivendor	4.1.1
Cs-Cart	Cs-Cart Multivendor	4.1.2
Cs-Cart	Cs-Cart Multivendor	4.1.3
Cs-Cart	Cs-Cart Multivendor	4.1.4
Cs-Cart	Cs-Cart Multivendor	4.2.1
Cs-Cart	Cs-Cart Multivendor	4.2.2
Cs-Cart	Cs-Cart Multivendor	4.2.3
Cs-Cart	Cs-Cart Multivendor	4.2.4
Cs-Cart	Cs-Cart Multivendor	4.3.1
Cs-Cart	Cs-Cart Multivendor	4.3.2
Cs-Cart	Cs-Cart Multivendor	4.3.3
Cs-Cart	Cs-Cart Multivendor	4.3.4
Cs-Cart	Cs-Cart Multivendor	4.3.5
Cs-Cart	Cs-Cart Multivendor	4.3.6
Cs-Cart	Cs-Cart Multivendor	4.3.7
Cs-Cart	Cs-Cart Multivendor	4.3.8
Cs-Cart	Cs-Cart Multivendor	4.3.9
Cs-Cart	Cs-Cart Multivendor	4.3.10

References

http://tips.cs-cart.jp/fix-jvn-29602086.htmlVendor Advisory
https://jvn.jp/en/jp/JVN29602086/index.htmlThird Party Advisory, VDB Entry
http://tips.cs-cart.jp/fix-jvn-29602086.htmlVendor Advisory
https://jvn.jp/en/jp/JVN29602086/index.htmlThird Party Advisory, VDB Entry

Timeline

Published: Nov 17, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-10886?

How severe is CVE-2017-10886?

Severity scoring for CVE-2017-10886 is pending analysis. The EPSS model estimates a 0.54% probability of exploitation in the next 30 days.

How do I fix CVE-2017-10886?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-10886?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST