5 matches found
PrestaShop - Information Disclosure
User enumeration vulnerability in the AdminLogin controller in PrestaShop 1.7 through 8.2.2 allows remote attackers to obtain administrators user email addresses via manipulation of the idemployee and resettoken parameters. An attacker who has access to the Back Office login URL can trigger the...
CVE-2025-62362 Name and e-mail of employee that has done a publication is discoverable in gpp-burgerportaal
gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3, 3.0.2, and 4.0.1, the name and email address of employees who publish content are exposed in network responses and can be discovered by viewing the browser's developer tools network tab. This information...
Information Exposure
Overview prestashop/prestashop is an Open Source e-commerce platform, committed to providing the best shopping cart experience for both merchants and customers. Affected versions of this package are vulnerable to Information Exposure via manipulation of the idemployee and resettoken parameters on...
CVE-2022-1631
Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain...
Shopify: Shopify's SF and LA offices Dashboard Information disclosed via Public Gist
Hi Team, During my recon process, I found a public gist containing the Internal Information of the Shopify offices of LA and SF. The gist belongs to the Shopify employee - https://gist.github.com/runmad He is currently - Engineering Manager at Shopify LA Office Dashboard -...