190 matches found

Packet Storm News (added 2026/04/13 12:00 a.m., 1 view)

Saleor Cross Site Scripting

Saleor was allowing users to modify rich text fields with HTML without running any backend HTML cleaners, thus allowing malicious actors to perform persistent cross site scripting attacks on dashboards and storefronts. This issue has been patched in versions 3.22.27, 3.21.43, and 3.20.108...

AI score: 5.1 | Exploits: 0

Packet Storm News (added 2026/04/13 12:00 a.m., 1 view)

Saleor Cross Site Scripting

Saleor suffers from a persistent cross site scripting vulnerability via an unrestricted file upload functionality. This issue has been patched in versions 3.22.27, 3.21.43, and 3.20.108...

CVSS: 8.5 | AI score: 5.2 | EPSS: 0.00061 | Exploits: 1

GithubExploit (added 2026/04/11 7:15 p.m., 78 views)

Exploit for Cross-site Scripting in Saleor

CVE-2026-23499: Saleor vulnerable to stored XSS via Unrestrict...

CVSS: 8.5 | AI score: 5.9 | EPSS: 0.00061 | Exploits: 1

RedhatCVE (added 2026/04/11 1:21 a.m., 0 views)

CVE-2026-35407

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow: the confirmation flow did not verify that the email change confirmation token was issued for the given...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.00013 | Exploits: 0 | References: 1

NVD (added 2026/04/08 7:25 p.m., 2 views)

CVE-2026-39851

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the requestEmailChange mutation was revealing the existence of user-provided email addresses in error messages. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118...

CVSS: 5.3 | EPSS: 0.00042 | Exploits: 0 | References: 6

NVD (added 2026/04/08 7:25 p.m., 1 view)

CVE-2026-35407

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow: the confirmation flow did not verify that the email change confirmation token was issued for the given...

CVSS: 6.5 | EPSS: 0.00013 | Exploits: 0 | References: 6

NVD (added 2026/04/08 7:25 p.m., 2 views)

CVE-2026-35401

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...

CVSS: 7.5 | EPSS: 0.0006 | Exploits: 0 | References: 1

NVD (added 2026/04/08 6:26 p.m., 1 view)

CVE-2026-33756

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Saleor supports query batching by submitting multiple GraphQL operations in a single HTTP request as a JSON array but wasn't enforcing any upper limit on the number of operations. This allowed an...

CVSS: 7.5 | EPSS: 0.00115 | Exploits: 0 | References: 6

EUVD (added 2026/04/08 5:33 p.m., 0 views)

EUVD-2026-20536

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the requestEmailChange mutation was revealing the existence of user-provided email addresses in error messages. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00042 | Exploits: 0 | References: 6

Cvelist (added 2026/04/08 5:33 p.m., 14 views)

CVE-2026-39851 Saleor has a user enumeration vulnerability due to different error messages

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the requestEmailChange mutation was revealing the existence of user-provided email addresses in error messages. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118...

CVSS: 5.3 | EPSS: 0.00042 | Exploits: 0 | References: 6

Vulnrichment (added 2026/04/08 5:33 p.m., 2 views)

CVE-2026-39851 Saleor has a user enumeration vulnerability due to different error messages

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the requestEmailChange mutation was revealing the existence of user-provided email addresses in error messages. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00042 | Exploits: 0 | References: 6

CVE (added 2026/04/08 5:33 p.m., 3 views)

CVE-2026-39851

Saleor (e-commerce platform) contains a user enumeration vulnerability in the requestEmailChange() mutation. From version 2.10.0 up to, but not including, 3.23.0a3, and also in 3.22.47, 3.21.54, and 3.20.118, error messages reveal whether a provided email address exists. This leads to potential i...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00042 | Exploits: 0 | References: 6 | Affected Software: 1

Cvelist (added 2026/04/08 5:24 p.m., 16 views)

CVE-2026-35407 Saleor has Cross-Account Email Change via Unbound Confirmation Token

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow: the confirmation flow did not verify that the email change confirmation token was issued for the given...

CVSS: 5.9 | EPSS: 0.00013 | Exploits: 0 | References: 6

CVE (added 2026/04/08 5:24 p.m., 4 views)

CVE-2026-35407

Saleor’s CVE-2026-35407 describes a cross-account email-change weakness in the account email-change workflow. The confirmation token could be used for a different authenticated user, allowing the token’s new_email to update the second account’s address even though the token wasn’t issued for that...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00013 | Exploits: 0 | References: 6 | Affected Software: 1

Cvelist (added 2026/04/08 5:22 p.m., 14 views)

CVE-2026-35401 Saleor has a resource exhaustion vulnerability in GraphQL queries

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...

CVSS: 7.5 | EPSS: 0.0006 | Exploits: 0 | References: 1

Vulnrichment (added 2026/04/08 5:22 p.m., 2 views)

CVE-2026-35401 Saleor has a resource exhaustion vulnerability in GraphQL queries

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.0006 | Exploits: 0 | References: 1

EUVD (added 2026/04/08 5:22 p.m., 1 view)

EUVD-2026-20532

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.0006 | Exploits: 0 | References: 1

CVE (added 2026/04/08 5:22 p.m., 8 views)

CVE-2026-35401

Saleor (e-commerce platform) contains a resource exhaustion vulnerability in GraphQL handling affecting 2.0.0 up to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118. A malicious actor can exceed resource limits by including many GraphQL mutations or queries in a single API call via aliases or by c...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.0006 | Exploits: 0 | References: 1 | Affected Software: 1

Cvelist (added 2026/04/08 5:07 p.m., 14 views)

CVE-2026-33756 Saleor Affected by Denial of Service via Unbounded GraphQL Query Batching

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Saleor supports query batching by submitting multiple GraphQL operations in a single HTTP request as a JSON array but wasn't enforcing any upper limit on the number of operations. This allowed an...

CVSS: 7.5 | EPSS: 0.00115 | Exploits: 0 | References: 6

CVE (added 2026/04/08 5:07 p.m., 7 views)

CVE-2026-33756

CVE-2026-33756 affects Saleor (e-commerce platform). The vulnerability lies in unbounded GraphQL query batching: from 2.0.0 up to just before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the service allowed multiple GraphQL operations in a single HTTP request without an upper limit, bypassing per-qu...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00115 | Exploits: 0 | References: 6 | Affected Software: 1