5 matches found
CVE-2025-47272
The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session e.g., on a shared/public machine could...
CVE-2025-47272
The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session e.g., on a shared/public machine could...
CVE-2025-47289 Stored XSS in CE Phoenix Cart Testimonials Allows Account Takeover if Missing HttpOnly Flag
CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting XSS vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner admin...
CVE-2025-47272 PhoenixCart Vulnerable to Account Deletion Without Password Confirmation
The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session e.g., on a shared/public machine could...
PT-2025-23491 · Unknown · Ce Phoenix
Name of the Vulnerable Software and Affected Versions: CE Phoenix eCommerce platform versions 1.0.9.7 through 1.1.0.3 Description: The issue allows logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session...