
42 matches found

NVD
added 2026/05/17 1:16 p.m. | 7 views

CVE-2018-25337

Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML forms targeting account endpoints like /joomoc2/?route=account/edit and to modify user information o...

CVSS 5.3 | EPSS 0.00006
Exploits: 0 | References: 4
ATTACKERKB
added 2026/05/17 12:11 p.m. | 5 views

CVE-2018-25337

Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML forms targeting account endpoints like /joomoc2/?route=account/edit and to modify user information o...

CVSS 5.3 | AI score 5.7 | EPSS 0.00006
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/05/17 12:11 p.m. | 2 views

CVE-2018-25337 Joomla JoomOCShop 1.0 Cross-Site Request Forgery

Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML forms targeting account endpoints like /joomoc2/?route=account/edit and to modify user information o...

CVSS 5.3 | AI score 5.7 | EPSS 0.00006
Exploits: 0 | References: 4
EUVD
added 2026/05/17 12:11 p.m. | 7 views

EUVD-2018-21860

Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML forms targeting account endpoints like /joomoc2/?route=account/edit and to modify user information o...

CVSS 5.3 | AI score 5.7 | EPSS 0.00006
Exploits: 0 | References: 4
CVE
added 2026/05/17 12:11 p.m. | 11 views

CVE-2018-25337

CVE-2018-25337 affects Joomla JoomOCShop 1.0 and is a Cross-Site Request Forgery vulnerability that allows an attacker to perform unauthorized actions on behalf of authenticated users. The issue enables crafting malicious requests targeting endpoints such as /joomoc2/?route=account/edit to modify...

CVSS 5.3 | AI score 5.7 | EPSS 0.00006
Exploits: 0 | References: 4
Cvelist
added 2026/05/17 12:11 p.m. | 33 views

CVE-2018-25337 Joomla JoomOCShop 1.0 Cross-Site Request Forgery

Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML forms targeting account endpoints like /joomoc2/?route=account/edit and to modify user information o...

CVSS 5.3 | EPSS 0.00006
Exploits: 0 | References: 4
Positive Technologies
added 2026/05/17 12:0 a.m. | 5 views

PT-2026-41563

Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML forms targeting account endpoints like /joomoc2/?route=account/edit and to modify user information o...

CVSS 5.3 | AI score 5.7 | EPSS 0.00006
Exploits: 0 | References: 5
EUVD
added 2026/05/10 3:31 p.m. | 3 views

EUVD-2021-34806

OpenCart 3.0.36 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accoun...

CVSS 6.9 | AI score 5.7 | EPSS 0.00038
Exploits: 0 | References: 5
Snyk
added 2026/05/10 2:19 p.m. | 3 views

Cross-site Request Forgery (CSRF)

Overview: opencart/opencart is a shopping cart system. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the /account/edit endpoint. An attacker can alter account details, such as email addresses, by tricking users into visiting malicious pages, and subsequentl...

CVSS 8.3 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 2
NVD
added 2026/05/10 1:16 p.m. | 8 views

CVE-2021-47946

OpenCart 3.0.3.6 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accou...

CVSS 6.9 | EPSS 0.00038
Exploits: 0 | References: 4
ATTACKERKB
added 2026/05/10 12:44 p.m. | 5 views

CVE-2021-47946

OpenCart 3.0.3.6 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accou...

CVSS 6.9 | AI score 5.7 | EPSS 0.00038
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2026/05/10 12:44 p.m. | 27 views

CVE-2021-47946 OpenCart 3.0.3.6 Account Takeover via Cross Site Request Forgery

OpenCart 3.0.3.6 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accou...

CVSS 6.9 | EPSS 0.00038
Exploits: 0 | References: 4
CVE
added 2026/05/10 12:44 p.m. | 7 views

CVE-2021-47946

OpenCart 3.0.36 is affected by a cross-site request forgery on the /account/edit endpoint. The vulnerability allows unauthenticated attackers to modify victim account details by enticing users to visit malicious pages, enabling CSRF payloads to change email and other account information. Attacker...

CVSS 6.9 | AI score 5.7 | EPSS 0.00038
Exploits: 0 | References: 4
Vulnrichment
added 2026/05/10 12:44 p.m. | 4 views

CVE-2021-47946 OpenCart 3.0.36 Account Takeover via Cross Site Request Forgery

OpenCart 3.0.36 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accoun...

CVSS 6.9 | AI score 5.7 | EPSS 0.00038
Exploits: 0 | References: 4
CNNVD
added 2026/05/10 12:0 a.m. | 4 views

OpenCart Cross-Site Request Forgery Vulnerability

OpenCart is an open-source e-commerce system developed by the OpenCart team in China. This system provides modules for product reviews, product ratings, and product addition. Version 3.0.36 of OpenCart has a cross-site request forgery vulnerability. This vulnerability stems from the /account/edi...

CVSS 6.9 | AI score 5.7 | EPSS 0.00038
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/10 12:0 a.m. | 6 views

PT-2026-39520

OpenCart 3.0.36 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accoun...

CVSS 6.9 | AI score 5.7 | EPSS 0.00038
Exploits: 0 | References: 5
RedhatCVE
added 2026/01/09 9:25 a.m. | 3 views

CVE-2023-4845

A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file accounteditquery.php. The manipulation of the argument adminid leads to sql injection. The attack can be initiated remotely. The exploit...

CVSS 9.8 | AI score 8 | EPSS 0.00037
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2025-26710

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.4 | EPSS 0.0004
Exploits: 0 | References: 1
CNVD
added 2025/09/08 12:0 a.m. | 1 views

appRain CMF Cross-Site Scripting Vulnerability

appRain CMF is a content management framework from appRain Canada. The appRain CMF suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input on the /appain/admin/account/edit endpoint. An attacker could use the vulnerability to steal the victim...

CVSS 5.4 | AI score 6.3 | EPSS 0.0004
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/06 11:25 a.m. | 1 views

CVE-2025-41036

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAdmindescription', 'dataAdminfname' and 'dataAdminlname' parameters in /apprain/admin/account/edit...

CVSS 5.4 | AI score 6.1 | EPSS 0.0004
Exploits: 0 | References: 1