I would be interested to know from CS-Cart support if these vulnerabilities have been fixed. I know 1.3.4 & 1.3.5 are not listed here, but I didn’t know how up to date this US government website was.


We’re in the 1.3.5 series.

What you see there is almost 2 years only (if I remember correctly) and hardly anyone would be using those versions.

Mind you we moved through the 1.3.4 series without any major mishaps that I’m aware of.