18 matches found
CVE-2026-45622
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting (XSS) issue in the public product return form in Vvveb CMS. The customer_order_id POST parameter is inserted into the...
CVE-2026-45622 Vvveb: Unauthenticated reflected XSS in public product return form via customer_order_id
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting (XSS) issue in the public product return form in Vvveb CMS. The customer_order_id POST parameter is inserted into the...
Vvveb cross-site scripting vulnerability
Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 had a cross-site scripting vulnerability. This vulnerability stemmed from the lack of HTML escaping for the...
WordPress plugin Easy PayPal Events & Tickets security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2026-22073
Craft Commerce has an unauthenticated information disclosure that can leak some customer order data on anonymous payments...
CVE-2026-21447
Bagisto is an open source Laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order...
Bagisto has IDOR in Customer Order Reorder Functionality
Summary: An Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order ID parameter. This exposes sensitive purchase information and enables...
Webkul Software Bagisto security vulnerability
Webkul Software Bagisto is an open source e-commerce framework from Webkul Software, India. A security vulnerability exists in Webkul Software Bagisto versions prior to 2.3.10, which stems from an insecure direct object reference in the Customer Order Reorder feature, which could cause an...
EUVD-2016-6478
Malware in sbrugna...
Oracle Siebel CRM < 16.5 (October 2016 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2016 CPU advisory. - Vulnerability in the Siebel Apps - Customer Order Management component of Oracle Siebel CRM subcomponent: Customizable Prod/Configurator. The...
WordPress Customer Order History for WooCommerce Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS)
Software: Customer Order History for WooCommerce; Type: Plugin; Vulnerable versions: <= 2.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 1e9541c2f16e; Credits: Rafie Muhamma...
SQL injection
SQL injection vulnerability in Spryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchFormsearchText=...
CVE-2016-5534
Unspecified vulnerability in the Siebel Apps - Customer Order Management component in Oracle Siebel CRM 16.1 allows remote authenticated users to affect confidentiality via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the Siebel Apps - Customer Order Management component in Oracle Siebel CRM 16.1 allows remote authenticated users to affect confidentiality via unknown vectors...
Surat Diamond Blind SQL Injection
Blind SQL injection found at URL: http://www.suratdiamond.com/prodcriteria.aspx. Entity: matid. Security Risk: It is possible to view, modify or delete database entries and tables. Below are the tables found on the database: admin uid username userpass 1 admin removed brochureimage Carat CartMaster...