Lucene search
K

129 matches found

NVD
NVD
added 2023/09/27 3:19 p.m.22 views

CVE-2023-43614

Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...

6.1CVSS6.2AI score0.00621EPSS
Exploits0References2
Prion
Prion
added 2023/09/27 3:19 p.m.26 views

Cross site scripting

Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...

5.8CVSS6.3AI score0.00621EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/26 8:19 a.m.13 views

CVE-2023-43614

Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...

6.7AI score0.00621EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/26 8:19 a.m.25 views

CVE-2023-43614

Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...

6.9AI score0.00621EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/09/26 8:19 a.m.9 views

CVE-2023-43610

SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor without setting authority or higher privilege to perform unintended database operations...

7.8AI score0.00909EPSS
Exploits0References2
CVE
CVE
added 2023/09/26 8:19 a.m.49 views

CVE-2023-43610

CVE-2023-43610 is a SQL injection vulnerability in Welcart e-Commerce (WordPress plugin) affecting versions 2.7–2.8.21. The issue exists in the Order Data Edit page, allowing a user with editor-level privileges or higher to perform unintended database operations. Red Hat and JVN entries corrobora...

8.8CVSS8.9AI score0.00909EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/09/22 12:0 a.m.4 views

WordPress Plugin Welcart e-Commerce Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.1CVSS6AI score0.00621EPSS
Exploits0References4
OSV
OSV
added 2023/09/14 4:15 a.m.4 views

CVE-2023-4948

The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordercvrdata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

4.3CVSS7.3AI score0.00321EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/13 12:0 a.m.6 views

PT-2023-31236 · WordPress · Woocommerce Clover Payment Gateway

Name of the Vulnerable Software and Affected Versions: WooCommerce CVR Payment Gateway plugin for WordPress versions up to 6.1.0 Description: The issue allows unauthorized modification of data due to a missing capability check on the refresh order cvr data AJAX action. This makes it possible for...

4.3CVSS5.2AI score0.00321EPSS
Exploits0References6
OSV
OSV
added 2023/06/22 12:15 p.m.5 views

CVE-2023-35093

Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin = 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more...

6.5CVSS7.3AI score0.00555EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2023/06/14 8:33 a.m.7 views

Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin

A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. The flaw, tracked as CVE-2023-34000 , impacts versions 7.4.0 and below. It was addressed by the plugin maintainers in version 7.4.1, which...

7.5CVSS6AI score0.01214EPSS
Exploits2
OSV
OSV
added 2022/11/22 6:15 p.m.3 views

CVE-2022-43212

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php...

9.8CVSS5.8AI score0.00871EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/22 12:0 a.m.3 views

Billing System Project SQL注入漏洞

Billing System Project is a billing system project by Mayuri K. Individual developer. Billing System Project v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the orderId parameter in fetchOrderData.php against an externally entered SQL statement. An attacker...

9.8CVSS7.8AI score0.00871EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/11/22 12:0 a.m.3 views

PT-2022-26793 · Unknown · Billing System Project

Name of the Vulnerable Software and Affected Versions: Billing System Project version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the orderId parameter at the "fetchOrderData.php" endpoint. Recommendations: For Billing System...

9.8CVSS8.1AI score0.00871EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/11/07 12:0 a.m.3 views

PT-2022-24565 · Maxon · Maxon Erp

Name of the Vulnerable Software and Affected Versions: Maxon ERP affected versions not specified Description: A critical vulnerability has been found in Maxon ERP, affecting the file /index.php/purchase order/browse data. The manipulation of the tb search argument leads to SQL injection. It is...

9.8CVSS9.7AI score0.00654EPSS
Exploits1References7
OSV
OSV
added 2022/10/28 6:15 p.m.2 views

CVE-2022-43232

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /phpaction/fetchOrderData.php...

7.2CVSS5.8AI score0.00848EPSS
Exploits1References1
OSV
OSV
added 2022/09/02 9:15 p.m.3 views

CVE-2022-36638

An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders...

5.3CVSS5.8AI score0.00776EPSS
Exploits1References2
CNVD
CNVD
added 2022/05/07 12:0 a.m.16 views

WordPress Tipsacarrier plugin access control error vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...

7.5CVSS1.7AI score0.0147EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/05/02 12:0 a.m.5 views

WordPress plugin Tipsacarrier 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...

7.5CVSS7.4AI score0.0147EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/02/02 4:0 p.m.7 views

CVE-2022-20680

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper enforcement of Administrator privilege levels for low-value sensitive dat...

6.5CVSS6.6AI score0.01084EPSS
Exploits0References2
Rows per page
Query Builder