16 matches found
CVE-2025-13002
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting XSS.This issue affects E-Commerce Package: through 27112025...
CVE-2025-13002
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting XSS. This issue affects E-Commerce Package: through 27112025...
CVE-2025-13004
Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables. This issue affects E-Commerce Package: through 27112025...
CVE-2025-13004
Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables. This issue affects E-Commerce Package: through 27112025...
CVE-2025-13004 IDOR in Farktor Software's E-Commerce Package
Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables. This issue affects E-Commerce Package: through 27112025...
CVE-2025-13002 XSS in Farktor Software's E-Commerce Package
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting XSS. This issue affects E-Commerce Package: through 27112025...
CVE-2025-13002 XSS in Farktor Software's E-Commerce Package
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting XSS. This issue affects E-Commerce Package: through 27112025...
CVE-2025-13002
CVE-2025-13002 concerns an XSS in Farktor Software’s E-Commerce Package (E-Commerce Services Inc.). The issue arises from Improper Neutralization of Input During Web Page Generation and affects versions up to 27112025. The CVSS‑3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H with a base score o...
CVE-2025-10969 SQLi in Farktor Software's E-Commerce Package
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection. This issue affects E-Commerce Package: through 27112025...
CVE-2025-10969
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection. This issue affects E-Commerce Package: through 27112025...
PT-2026-7842
Name of the Vulnerable Software and Affected Versions Farktor Software E-Commerce Package versions through 27112025 Description An authorization bypass exists in Farktor Software E-Commerce Package due to manipulation of user-controlled variables. This allows bypassing intended access restriction...
PT-2026-7840
Name of the Vulnerable Software and Affected Versions Farktor Software E-Commerce Package versions through 27112025 Description The software contains an improper neutralization of special elements used in an SQL command, leading to a Blind SQL Injection issue. This allows for potential unauthoriz...
Farktor E-Commerce Package SQL注入漏洞
Farktor E-Commerce Package is an e-commerce platform developed by the Turkish company Farktor. The Farktor E-Commerce Package versions 27112025 and earlier have a SQL injection vulnerability. This vulnerability stems from improper neutralization of special elements, which may lead to blind SQL...
PT-2026-7841
Name of the Vulnerable Software and Affected Versions Farktor Software E-Commerce Services Inc. E-Commerce Package versions through 27112025 Description An Improper Neutralization of Input During Web Page Generation issue exists in Farktor Software E-Commerce Services Inc. E-Commerce Package,...
E-commerce Cross site scripting vulnerability
It is possible for a malicious user with the 'create products' permission to insert and execute XSS Cross Site Scripting, due to lack of validation on output. This may lead to administrator access if certain conditions are met. Learn more about XSS on Wikipedia. The create products permission is...
AgoraCart agora.cgi cart_id Parameter XSS
Agora is a CGI-based, e-commerce package. Due to poor input validation, Agora allows an attacker to execute cross-site scripting attacks. %NASLMINLEVEL 70300 This script was written by Matt Moore See the Nessus Scripts License for details include'deprecatednasllevel.inc'; include'compat.inc'; if...