17 matches found
EUVD-2020-7212
Malware in sbrugna...
EUVD-2024-26085
Malicious code in bioql PyPI...
CVE-2024-29036
Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users shoul...
CVE-2024-29036
Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users shoul...
CVE-2024-29036 Saleor Storefront session leak in cache
Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users shoul...
CVE-2024-29036
CVE-2024-29036 affects Saleor Storefront. Before commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, authenticating a user leaks the session data of that user to anonymous visitors via cache. Impact is data exposure of authenticated user data; no exploitation details provided beyond this leakage. Re...
CVE-2024-29036 Saleor Storefront session leak in cache
Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users shoul...
CVE-2024-29036 Saleor Storefront session leak in cache
Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users shoul...
Mirumee Software Saleor Storefront 安全漏洞
Mirumee Software Saleor Storefront is a web-based, single-page e-commerce application from Mirumee Software, Poland. A security vulnerability exists in Mirumee Software Saleor Storefront that stems from the fact that when any user authenticates in the storefront, an anonymous user can access its...
CVE-2023-3294
Cross-site Scripting XSS - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7...
Unspecified Vulnerability in MIRUMEE SOFTWARE Saleor Storefront
MIRUMEE SOFTWARE Saleor Storefront is a web-based, single-page e-commerce application from the Polish company MIRUMEE SOFTWARE. A security vulnerability exists in MIRUMEE SOFTWARE Saleor Storefront versions prior to 2.10.3, which can be exploited by attackers to extract email names and passwords...
CVE-2020-15085
In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0...
CVE-2020-15085
In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0...
Design/Logic Flaw
In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0...
CVE-2020-15085
In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0...
CVE-2020-15085
This CVE affects Saleor Storefront prior to version 2.10.3. Authentication-related data could be cached in the browser’s local storage, enabling an attacker with local access to extract email addresses and passwords. Prior to 2.10.0, the cached data could persist after logout; the issue is fixed ...
CVE-2020-15085 Client caching login operation with plaintext password in Saleor Storefront
In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0...