Lucene search
K

5 matches found

NVD
NVD
added 2026/05/15 7:17 p.m.14 views

CVE-2026-45622

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting XSS issue in the public product return form in Vvveb CMS. The customerorderid POST parameter is inserted into the...

5.3CVSS0.00258EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 6:42 p.m.16 views

CVE-2026-45622

Vvveb CMS (version prior to 1.0.8.3) is affected by an unauthenticated reflected XSS in the public product return form. The issue arises from inserting the customer_order_id into the error message without HTML escaping, allowing attacker-controlled HTML/JavaScript to execute in the submitting use...

5.3CVSS5.6AI score0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 6:42 p.m.10 views

EUVD-2026-30583

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting XSS issue in the public product return form in Vvveb CMS. The customerorderid POST parameter is inserted into the...

5.3CVSS5.6AI score0.00258EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/05 9:13 p.m.7 views

Unauthenticated Spree Commerce users can view completed guest orders by Order ID

Unauthenticated users can view completed guest orders by Order ID GHSL-2026-029 The OrdersControllershow action permits viewing completed guest orders by order number alone, without requiring the associated order token. Order lookup without enforcing token requirement in OrdersControllershow: rub...

8.7CVSS5.5AI score0.00441EPSS
Exploits1References11Affected Software1
Hacker One
Hacker One
added 2020/10/24 4:7 a.m.34 views

Shopify: Order lookup features of Shopify Chat Application leads to customer orders enumeration due to lack of user input validation

It came to my attention that the Shopify Chat application allows a customer to retrieve its order status by only providing the order email and number. Noticing that it results in being provided the order status page link, I started playing a bit with both parameters and I found out that it is...

6.8AI score
Exploits0
Rows per page
Query Builder