CVE-2025-47289 Stored XSS in CE Phoenix Cart Testimonials Allows Account Takeover if Missing HttpOnly Flag
CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2, where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner admin...
CE Phoenix Cart Access Control Error Vulnerability
CE Phoenix Cart is a free, open source e-commerce shopping cart software from CE Phoenix Cart Open Source. An access control error vulnerability exists in CE Phoenix Cart versions prior to 1.0.9.7 through 1.1.0.3, which stems from a lack of password revalidation when deleting an account, which...
CE Phoenix Cart Security Vulnerability
CE Phoenix Cart is a free, open source e-commerce shopping cart software from CE Phoenix Cart Open Source. A security vulnerability exists in CE Phoenix Cart v1.0.8.20 and earlier versions, which stems from the presence of an HTML injection vulnerability. The vulnerability can be exploited by an...
CE Phoenix Cart Security Vulnerability
CE Phoenix Cart is a free, open source e-commerce shopping cart software from CE Phoenix Cart Open Source. A security vulnerability exists in CE Phoenix Cart v1.0.8.20, which originates from a Remote Code Execution (RCE) vulnerability in component /admin/definelanguage.php...