126 matches found
Is Black Friday a Thing of the Past? Not for Mobile
I recently ordered a new Weber grill from The Home Depot. When it was delivered, I discovered it was the floor model, and it wasn't the perfect grill I had anticipated. I called the local store, and -- long story short -- my friends at The Home Depot gave me a significant discount for not letting...
Ecommerce CodeIgniter Bootstrap cross-site scripting vulnerability (CNVD-2020-51507)
Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript.CodeIgniter is an open source web framework written using the PHP language . Ecommerce CodeIgniter Bootstrap A XSS vulnerability exists in previous versions of...
CVE-2020-25089
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/discounts.php...
CVE-2020-25089
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/discounts.php...
Shopify: Script Editor preview token still working with uninstalled application, even for unpublished script
Within the Script Editor application, it is possible to preview a script on the storefront and proceed to purchase. Once the user click on the preview link, it opens https://shop.myshopify.com/admin/scripts/preview?scriptid=scriptid which then generate a preview token to be used by the storefront...
Authorization Bypass
magento/community-edition is vulnerable to authorization bypass. The application allows an attacker to create unauthorized product discounts upon successful exploitation of the vulnerability...
ethernetdiscounts.com Cross Site Scripting vulnerability OBB-1209373
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
CVE-2020-9587
Magento versions 2.3.4 and earlier, 2.2.11 and earlier see note, 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts...
CVE-2020-9587
Magento versions 2.3.4 and earlier, 2.2.11 and earlier see note, 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts...
CVE-2020-9587
CVE-2020-9587 corresponds to an authorization bypass vulnerability in Adobe Magento. According to the connected records, affected Magento versions are 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier. Successful exploitation could lead to unauthorize...
CVE-2020-9587
Magento versions 2.3.4 and earlier, 2.2.11 and earlier see note, 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts...
Magento Multiple Vulnerabilities (APSB20-22)
Magento is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
PT-2020-6278 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.3.4 and earlier Magento versions 2.2.11 and earlier Magento versions 1.14.4.4 and earlier Magento versions 1.9.4.4 and earlier Description: The issue is related to an authorization bypass, which could allow a remote attacke...
Windows 8.1 Store and Windows Update client improvements: May 13, 2014
Windows 8.1 Store and Windows Update client improvements: May 13, 2014 This article describes some improvements for Windows Store and Windows Update in Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2. Check out the new features of this update and how to obtain this update. This update has...
Shopify: any staff members have the ability to comment in [discounts] he/she can disable comment section it to other staff even the admin of the store
Hi, I found this cool behavior by mistake when I was testing for some GraphQL, any user have ability to comment in discounts code at discounts section can turn off comments to the other staff members include the admin/manager of the store. this happens because when the GraphQL used to create a...
Shopify: Stored XSS in Discounts section
self-xss Impact 1.add Products, shop name is '"'' 2.click Discounts-code, https://mosuan-img-src-x.myshopify.com/admin/discounts/367541518396 3.add comments, Choose the goods just now. 4.alert...
netzpro.in XSS vulnerability
Open Bug Bounty ID: OBB-633279 Description| Value ---|--- Affected Website:| netzpro.in Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Become a Linux Expert — Get this Online 5-Course Training Bundle
Linux is considered as one of the most favorite operating systems for hackers and security researchers. The open source operating system is often used for building technologies as it offers developers much room for modifications. Linux is used on many hardware platforms, servers, gaming platforms...
The Hacker News (THN) Celebrates 6th Anniversary Today
Can you believe that it's been 6 years since we first launched The Hacker News? Yes, The Hacker News is celebrating its sixth anniversary today on 1st November. We started this site on this same day back in 2010 with the purpose of providing a dedicated platform to deliver latest infosec news and...
The Hacker News launches Online Deals Store – Get Best Deals & Offers
Hey readers, guess what? The Hacker News THN is about to complete its 6 years as a leading Information Security Channel – attracting over 9 Million readers worldwide – and a trusted source for Hacking, Cyber Security and Infosec News for the enthusiasts, technologists & nerds. In the special...