Store Security Vulnerabilities

CVE-2022-46072

Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL...

9.8 CVSS

9.6 AI Score

0.002 EPSS

2022-12-14 06:15 PM
29

CVE-2022-46071

There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin...

9.8 CVSS

9.8 AI Score

0.017 EPSS

2022-12-14 06:15 PM
36

CVE-2022-46127

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via...

7.2 CVSS

7.4 AI Score

0.001 EPSS

2022-12-14 05:15 PM
45

CVE-2022-46125

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via...

7.2 CVSS

7.4 AI Score

0.001 EPSS

2022-12-14 05:15 PM
22

CVE-2022-46122

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via...

7.2 CVSS

7.4 AI Score

0.001 EPSS

2022-12-14 05:15 PM
26

CVE-2022-46123

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via...

7.2 CVSS

7.4 AI Score

0.001 EPSS

2022-12-14 05:15 PM
23

CVE-2022-46126

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via...

7.2 CVSS

7.4 AI Score

0.001 EPSS

2022-12-14 05:15 PM
27

CVE-2022-46124

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via...

7.2 CVSS

7.4 AI Score

0.001 EPSS

2022-12-14 05:15 PM
24

CVE-2022-46120

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via...

7.2 CVSS

7.4 AI Score

0.001 EPSS

2022-12-14 05:15 PM
24

CVE-2022-46121

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via...

7.2 CVSS

7.4 AI Score

0.001 EPSS

2022-12-14 05:15 PM
27

CVE-2022-46118

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via...

7.2 CVSS

7.4 AI Score

0.001 EPSS

2022-12-14 05:15 PM
23

CVE-2022-46119

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via...

7.2 CVSS

7.4 AI Score

0.001 EPSS

2022-12-14 05:15 PM
24

CVE-2022-46117

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via...

7.2 CVSS

7.4 AI Score

0.001 EPSS

2022-12-14 05:15 PM
24

CVE-2022-46074

Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF). An unauthenticated user can add an admin account due to missing CSRF...

8.8 CVSS

8.7 AI Score

0.002 EPSS

2022-12-14 05:15 PM
27

CVE-2022-46073

Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-12-14 05:15 PM
24

CVE-2022-45217

A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2022-12-07 02:15 PM
22

CVE-2022-40968

Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affiliates Store plugin <=2.1.5 on...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-12-04 11:15 PM
47

CVE-2022-45215

A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2022-12-02 03:15 PM
20

CVE-2022-4228

A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack....

7.5 CVSS

7.4 AI Score

0.006 EPSS

2022-11-30 12:15 PM
32

CVE-2022-4229

A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to...

9.8 CVSS

9.5 AI Score

0.001 EPSS

2022-11-30 12:15 PM
35
2

CVE-2022-44097

Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin...

9.8 CVSS

9.6 AI Score

0.003 EPSS

2022-11-30 05:15 AM
17

CVE-2022-45225

Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2022-11-25 08:15 PM
30
12

CVE-2022-41615

Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on...

6.1 CVSS

6.2 AI Score

0.001 EPSS

2022-11-18 11:15 PM
32
4

CVE-2022-42237

A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-10-17 02:15 PM
31
6

CVE-2022-42238

A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin...

8.8 CVSS

8.5 AI Score

0.001 EPSS

2022-10-11 06:15 PM
19
3

CVE-2022-42236

A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2022-10-11 06:15 PM
21
2

CVE-2022-3452

A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument category_name leads to cross site scripting. The attack can be initiated remotely......

5.4 CVSS

5.3 AI Score

0.001 EPSS

2022-10-11 06:15 PM
18
4

CVE-2022-3453

A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /transcation.php. The manipulation of the argument buyer_name leads to cross site scripting. The attack may be initiated remotely......

5.4 CVSS

5.3 AI Score

0.001 EPSS

2022-10-11 06:15 PM
20
4

CVE-2009-1320

Multiple cross-site scripting (XSS) vulnerabilities in include/zstore.php in Zazzle Store Builder 1.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) gridPage and (2) gridSort parameters. NOTE: some of these details are obtained from third party...

5.9 AI Score

0.001 EPSS

2022-10-03 04:24 PM
16

CVE-2009-1225

Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook Store 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search...

5.8 AI Score

0.001 EPSS

2022-10-03 04:23 PM
20

CVE-2017-1000248

Redis-store <=v1.3.0 allows unsafe objects to be loaded from...

9.8 CVSS

9.3 AI Score

0.002 EPSS

2022-10-03 04:23 PM
47

CVE-2010-0344

SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified...

8.7 AI Score

0.001 EPSS

2022-10-03 04:21 PM
24

CVE-2022-2654

The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes,....

6.1 CVSS

6.1 AI Score

0.001 EPSS

2022-09-16 09:15 AM
29
4

CVE-2022-37796

In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site...

5.4 CVSS

5.5 AI Score

0.001 EPSS

2022-09-12 12:15 AM
33
7

CVE-2022-2770

A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System. Affected is an unknown function of the file /obs/book.php. The manipulation of the argument bookisbn leads to sql injection. It is possible to launch the attack remotely. VDB-206166 is...

9.8 CVSS

9.7 AI Score

0.001 EPSS

2022-08-11 12:15 PM
29
4

CVE-2022-2771

A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. Affected by this vulnerability is an unknown functionality of the file /obs/bookPerPub.php. The manipulation of the argument bookisbn leads to sql injection. The attack can be launched...

9.8 CVSS

9.7 AI Score

0.001 EPSS

2022-08-11 12:15 PM
22
4

CVE-2022-2748

A vulnerability was found in SourceCodester Simple Online Book Store System. It has been classified as problematic. Affected is an unknown function of the file /admin/edit.php. The manipulation of the argument eid leads to cross site scripting. It is possible to launch the attack remotely. The...

6.1 CVSS

6.1 AI Score

0.001 EPSS

2022-08-11 05:15 AM
28
7

CVE-2022-2746

A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. This vulnerability affects unknown code of the file Admin_ add.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-206014 is the identifier...

9.8 CVSS

9.5 AI Score

0.002 EPSS

2022-08-11 05:15 AM
28
5

CVE-2022-2747

A vulnerability was found in SourceCodester Simple Online Book Store and classified as critical. This issue affects some unknown processing of the file book.php. The manipulation of the argument book_isbn leads to sql injection. The attack may be initiated remotely. The associated identifier of...

9.8 CVSS

9.7 AI Score

0.001 EPSS

2022-08-11 05:15 AM
26
7

CVE-2022-35493

A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the get_products?search...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-08-08 03:15 PM
36
4

CVE-2022-33709

Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store...

7.8 CVSS

7.4 AI Score

0.0004 EPSS

2022-07-12 02:15 PM
33
2

CVE-2022-33708

Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store...

7.8 CVSS

7.4 AI Score

0.0004 EPSS

2022-07-12 02:15 PM
25
4

CVE-2022-33710

Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store...

7.8 CVSS

7.4 AI Score

0.0004 EPSS

2022-07-12 02:15 PM
29
2

CVE-2022-1916

The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to.....

6.1 CVSS

6.1 AI Score

0.001 EPSS

2022-06-27 09:15 AM
50
8

CVE-2022-28383

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an attacker can store malicious firmware code for the USB-to-SATA bridge controller on the USB drive (e.g., by leveraging physical access during the supply chain). This code is then...

6.8 CVSS

6.4 AI Score

0.001 EPSS

2022-06-08 04:15 PM
54
11

CVE-2022-28384

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part...

5.5 CVSS

5.3 AI Score

0.001 EPSS

2022-06-08 04:15 PM
54
9

CVE-2022-28382

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the...

7.5 CVSS

7.2 AI Score

0.006 EPSS

2022-06-08 04:15 PM
51
11

CVE-2022-1692

The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection...

9.8 CVSS

9.8 AI Score

0.002 EPSS

2022-06-08 10:15 AM
46
4

CVE-2022-30423

Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system...

9.8 CVSS

9.7 AI Score

0.003 EPSS

2022-06-02 02:15 PM
37
3

CVE-2022-30454

Merchandise Online Store 1.0 is vulnerable to SQL Injection via...

9.8 CVSS

9.8 AI Score

0.002 EPSS

2022-05-24 01:15 PM
39
2

Total number of security vulnerabilities: 479