Lucene search
K

10 matches found

Cvelist
Cvelist
added 2026/01/15 3:52 p.m.29 views

CVE-2021-47763 Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

8.8CVSS0.00307EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/03 9:4 p.m.7 views

CVE-2026-21450

Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via type parameter, which can lead to remote code execution or another exploitation. Version 2.3.10 fixes the issue...

9.8CVSS8.4AI score0.01228EPSS
Exploits0References1
OSV
OSV
added 2026/01/02 8:18 p.m.12 views

CVE-2026-21448 Bagisto has Normal & Blind SSTI from low-privilege user when ordering product

Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection. When a normal customer orders any product, in the add address step they can inject a value to run in admin view. The issue can lead to remote code execution. Version...

9.3CVSS7.7AI score0.00835EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.9 views

PT-2026-1125

Name of the Vulnerable Software and Affected Versions Bagisto versions prior to 2.3.10 Description Bagisto, an open source Laravel eCommerce platform, has an issue where API routes remain active even after the initial installation is complete. The API endpoints /install/api/ are directly accessib...

9.8CVSS6.8AI score0.00583EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.10 views

PT-2026-1130

Name of the Vulnerable Software and Affected Versions Bagisto versions prior to 2.3.10 Description Bagisto, an open source Laravel eCommerce platform, is susceptible to server-side template injection through the type parameter. This can potentially lead to remote code execution. Recommendations...

9.8CVSS7.7AI score0.01228EPSS
Exploits0References5
Snyk
Snyk
added 2025/09/23 4:44 p.m.5 views

Cross-site Scripting (XSS)

Overview s-cart/core is a free Laravel e-commerce for business. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the User-Agent header in the Admin Log Viewer. An attacker can execute arbitrary web scripts in an administrator's browser by injecting crafted input,...

5.4CVSS5.5AI score0.00201EPSS
Exploits0References2
0day.today
0day.today
added 2023/04/03 12:0 a.m.231 views

AmazCart CMS 3.4 - Cross-Site-Scripting Vulnerability

Exploit Title: AmazCart CMS 3.4 - Cross-Site-Scripting XSS Exploit Author: Sajibe Kanti Vendor Name: CodeThemes Vendor Homepage: https://spondonit.com/ Software Link: https://codecanyon.net/item/amazcart-laravel-ecommerce-system-cms/34962179 Version: 3.4 Tested on: Live Demo Demo Link :...

6.8AI score
Exploits0
Snyk
Snyk
added 2022/02/01 2:12 p.m.4 views

Cross-site Scripting (XSS)

Overview s-cart/core is a free Laravel e-commerce for business. Affected versions of this package are vulnerable to Cross-site Scripting XSS which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the...

5.4CVSS5.2AI score0.0058EPSS
Exploits0References2
Snyk
Snyk
added 2022/01/31 12:48 p.m.2 views

Cross-site Scripting (XSS)

Overview s-cart/core is a free Laravel e-commerce for business. Affected versions of this package are vulnerable to Cross-site Scripting XSS in Admin section. It have the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie. Details...

6.5CVSS5.3AI score
Exploits0References2
CNVD
CNVD
added 2019/08/28 12:0 a.m.5 views

Laracom Cross-Site Scripting Vulnerability

laracom is a free Laravel e-commerce software. A cross-site scripting vulnerability exists in laracom version 1.4.11, which can be exploited by an attacker to execute client-side code...

6.1CVSS6.4AI score0.00875EPSS
Exploits1References1
Rows per page
Query Builder