
5 matches found

RedhatCVE
added 2025/06/04 11:20 a.m. · 7 views

CVE-2025-47272

The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public machine) could...

CVSS 5.5 · AI score 6.8 · EPSS 0.00142
Exploits: 0 · References: 1
NVD
added 2025/06/02 11:15 a.m. · 9 views

CVE-2025-47272

The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public machine) could...

CVSS 5.5 · EPSS 0.00142
Exploits: 0 · References: 2
OSV
added 2025/06/02 11:0 a.m. · 7 views

CVE-2025-47289 · Stored XSS in CE Phoenix Cart Testimonials Allows Account Takeover if Missing HttpOnly Flag

CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner admin...

CVSS 6.3 · AI score 5.6 · EPSS 0.00219
Exploits: 0 · References: 4
OSV
added 2025/06/02 10:47 a.m. · 5 views

CVE-2025-47272 · PhoenixCart Vulnerable to Account Deletion Without Password Confirmation

The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public machine) could...

CVSS 5.5 · AI score 6.7 · EPSS 0.00142
Exploits: 0 · References: 4
Positive Technologies
added 2025/06/02 12:0 a.m. · 8 views

PT-2025-23491 · Unknown · Ce Phoenix

Name of the Vulnerable Software and Affected Versions: CE Phoenix eCommerce platform versions 1.0.9.7 through 1.1.0.3

Description: The issue allows logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session...

CVSS 5.5 · AI score 6.4 · EPSS 0.00142
Exploits: 0 · References: 6