Reports of vulnerabilities, security threats, or suspicion of breaches can be sent to security@litecart.net.
Do NOT post your reports in public forums or issue trackers.
Do not register a public CVE record until security fixes are released.
This policy covers the LiteCore framework and its components:
- PHP core (database, session, event system, vMod)
- JavaScript components (litebox, carousel, inputs, etc.)
- CSS framework (LESS sources and compiled output)
For vulnerabilities specific to LiteCart (the e-commerce platform), report to the same address.