Vulnerability Disclosure

Hello, I have found a moderately severe vulnerability in CS-Cart as part of a penetration test, can you please advise of the email or channel I can disclose this and confirm?

Hello, and thank you for your question. For license owners, the best way to report a security vulnerability is to contact technical support via Help Desk. If you don't have a CS-Cart or Multi-Vendor license, you can use this form. That way, your message will surely reach the right specialist.

This form is quite useless as there is no way to upload reports or share images, etc. This is a poor way to accept security vulnerability reports.

For security vulnerability reports, we now also have a dedicated email address: