CVE-2025-57407: n/a
A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <=10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which could lead to session hijacking or other malicious actions.
AI Analysis
Technical Summary
CVE-2025-57407 is a stored cross-site scripting (XSS) vulnerability identified in the Admin Log Viewer component of S-Cart versions up to and including 10.0.3. This vulnerability allows a remote attacker with authenticated access to inject arbitrary web scripts or HTML code via a specially crafted User-Agent HTTP header. When an administrator subsequently views the security log page within the Admin Log Viewer, the injected script executes in the context of the administrator's browser session. This execution can lead to session hijacking, allowing the attacker to impersonate the administrator, or other malicious actions such as privilege escalation, data exfiltration, or further compromise of the administrative interface. The vulnerability arises because the User-Agent header input is not properly sanitized or encoded before being stored and rendered in the log viewer interface, enabling persistent script injection. Exploitation requires the attacker to be authenticated, which implies some level of access control bypass or credential compromise is needed prior to leveraging this vulnerability. No public exploits are currently known in the wild, and no CVSS score has been assigned yet. However, the vulnerability's nature as a stored XSS in an administrative interface makes it a significant risk, especially in environments where S-Cart is used for e-commerce or content management, as administrative sessions typically have elevated privileges and access to sensitive data and controls.
Potential Impact
For European organizations using S-Cart (versions <=10.0.3), this vulnerability poses a serious threat to the confidentiality and integrity of administrative sessions. Successful exploitation could lead to session hijacking of administrators, enabling attackers to manipulate e-commerce settings, access sensitive customer data, or alter transaction records. This could result in financial losses, reputational damage, and regulatory non-compliance, particularly under GDPR requirements for protecting personal data. The stored XSS nature means that the malicious payload persists in logs, increasing the risk of repeated exploitation. Since exploitation requires authentication, the threat is heightened in environments where credential management is weak or insider threats exist. The vulnerability could also be leveraged as a foothold for further lateral movement within the network. Given the critical role of administrative interfaces in managing online stores, disruption or compromise could impact business continuity and customer trust.
Mitigation Recommendations
European organizations should immediately verify if they are running S-Cart versions 10.0.3 or earlier and prioritize upgrading to a patched version once available. In the absence of an official patch, organizations should implement input validation and output encoding on the User-Agent header before it is logged or displayed in the Admin Log Viewer. Restricting access to the Admin Log Viewer to only highly trusted administrators and enforcing multi-factor authentication can reduce the risk of exploitation. Monitoring logs for suspicious User-Agent strings and unusual administrator activities can help detect attempted exploitation. Additionally, implementing Content Security Policy (CSP) headers can mitigate the impact of XSS by restricting script execution contexts. Regularly auditing user privileges and rotating administrator credentials will further reduce the attack surface. Finally, educating administrators about the risks of clicking on suspicious links or viewing untrusted logs can help prevent exploitation.
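The following is an added illustration of the two controls recommended above (validation at log-write time, output encoding at render time) together with a simple detection check and a Content Security Policy for the admin pages. It is not S-Cart code: S-Cart is a PHP application, and this Python model only reproduces the pattern behind a stored XSS in a log viewer and the corresponding fixes. The log records, IP addresses and User-Agent strings are constructed test data, and the function names are this example's own.

```python
import html
import re
from dataclasses import dataclass
from typing import Dict, List


# Constructed sample records standing in for rows of an admin security log.
# The User-Agent values are illustrative test strings, not captured traffic.
@dataclass(frozen=True)
class SecurityLogEntry:
    ip: str
    user_agent: str


SAMPLE_LOG: List[SecurityLogEntry] = [
    SecurityLogEntry("203.0.113.10", "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/128.0"),
    SecurityLogEntry("203.0.113.11", "<script>alert(1)</script>"),
    SecurityLogEntry("203.0.113.12", "curl/8.4.0"),
]

MAX_UA_LENGTH = 512


def normalize_user_agent_for_log(raw: str) -> str:
    """Input validation at log-write time: cap the length and drop control
    characters. This does NOT make the value safe for HTML; it only bounds
    what gets stored. Encoding still has to happen at render time."""
    cleaned = "".join(ch for ch in raw if ch.isprintable())
    return cleaned[:MAX_UA_LENGTH]


def render_log_row_unsafe(entry: SecurityLogEntry) -> str:
    """The pattern behind a stored XSS: the stored header is concatenated
    straight into HTML. Kept here only to contrast with the encoded version."""
    return f"<tr><td>{entry.ip}</td><td>{entry.user_agent}</td></tr>"


def render_log_row(entry: SecurityLogEntry) -> str:
    """Output encoding at render time: every untrusted field is HTML-escaped
    (quotes included) so the browser treats it as text, never as markup."""
    return (
        f"<tr><td>{html.escape(entry.ip, quote=True)}</td>"
        f"<td>{html.escape(entry.user_agent, quote=True)}</td></tr>"
    )


# Detection: User-Agent values carrying markup or script-like tokens are not
# what legitimate clients send, so they are worth alerting on in the log.
_SUSPICIOUS_UA = re.compile(r"""[<>"']|javascript:|\bon[a-z]+\s*=""", re.IGNORECASE)


def flag_suspicious_user_agents(entries: List[SecurityLogEntry]) -> List[SecurityLogEntry]:
    """Return the log entries whose User-Agent looks like an injection attempt."""
    return [e for e in entries if _SUSPICIOUS_UA.search(e.user_agent)]


def admin_security_headers() -> Dict[str, str]:
    """Defence in depth for the admin pages: a CSP without 'unsafe-inline'
    keeps an injected inline <script> from running even if encoding is missed."""
    return {
        "Content-Security-Policy": (
            "default-src 'self'; script-src 'self'; object-src 'none'; "
            "base-uri 'self'; frame-ancestors 'none'"
        ),
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(render_log_row(entry))
    print("flagged:", [e.ip for e in flag_suspicious_user_agents(SAMPLE_LOG)])
```

Output encoding in `render_log_row` is the control that actually closes the bug; `normalize_user_agent_for_log` only bounds what is stored, and the CSP and the detection regex reduce impact and surface attempts, respectively. In a Laravel/Blade application the equivalent of `html.escape` is rendering the field through the escaping `{{ }}` syntax rather than the raw `{!! !!}` form.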
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-08-17T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68d336ae712f26b964ce8f09
Added to database: 9/24/2025, 12:09:18 AM
Last enriched: 9/24/2025, 12:17:28 AM
Last updated: 9/24/2025, 1:23:21 AM