40 matches found
SimplCommerce Security Vulnerability
SimplCommerce is a simple, cross-platform, modular open source e-commerce system built on . A security vulnerability exists in SimplCommerce that stems from improper access control...
CVE-2024-50945
An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product...
CVE-2024-50945
CVE-2024-50945 concerns SimplCommerce. A commit (230310c8d7a0408569b292c5a805c459d47a1d8f) exhibits an improper access control in the review submission flow, allowing users to post reviews without confirming product purchase. Affected product: SimplCommerce (review system). Impact stated in sourc...
PT-2024-34465 · Unknown · Simplcommerce
Name of the Vulnerable Software and Affected Versions: SimplCommerce version at commit 230310c8d7a0408569b292c5a805c459d47a1d8f; SimplCommerce version 1.0.0. Description: An integer overflow vulnerability exists in the shopping cart functionality of SimplCommerce. The issue lies in the quantity...
PT-2024-34466 · Unknown · Simplcommerce
Name of the Vulnerable Software and Affected Versions: SimplCommerce version 230310c8d7a0408569b292c5a805c459d47a1d8f. Description: An improper access control issue exists, allowing users to submit reviews without verifying if they have purchased the product. This issue affects the review system,...
CVE-2020-27478
Cross Site Scripting vulnerability found in Simplcommerce v.40734964b0811f3cbaf64b6dac261683d256f961 thru 3103357200c70b4767986544e01b19dbf11505a7 allows a remote attacker to execute arbitrary code via a crafted script to the search bar feature...
Simplcommerce Security Vulnerability
Simplcommerce is a .Net-based e-commerce platform from the individual developer Simplcommerce. A security vulnerability exists in Simplcommerce. A remote attacker can exploit the vulnerability to execute arbitrary code in the search bar function via a specially crafted script...
CVE-2020-27478
Summary of CVE-2020-27478 (SimplCommerce): A Cross Site Scripting vulnerability exists in SimplCommerce versions from 40734964b0811f3cbaf64b6dac261683d256f961 through 3103357200c70b4767986544e01b19dbf11505a7. The underlying issue is a crafted script injected into the search bar, enabling a remote...
PT-2024-10807 · Unknown · Simplcommerce
Name of the Vulnerable Software and Affected Versions: Simplcommerce versions 40734964b0811f3cbaf64b6dac261683d256f961 through 3103357200c70b4767986544e01b19dbf11505a7. Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via a crafted script to the search b...
Business Logic Errors in simplcommerce/simplcommerce
Description: SimplCommerce allows negative product allowing one to get products for free. The fix here https://github.com/simplcommerce/SimplCommerce/issues/971 does not work because client-side controls can be bypassed by modifying the POST request. Proof of Concept 1: Add one $75 and $25 item in...
Simplcommerce Cross-Site Scripting Vulnerability
Simplcommerce is a .Net-based e-commerce platform from the individual developer Simplcommerce. SimplCommerce 1.0.0-rc suffers from a cross-site scripting vulnerability in which the Bootbox.js library does not perform any sanitization of user input. No details of the vulnerability are provided at...
CVE-2020-29587
SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html function to directly...
Design/Logic Flaw
SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html function to directly...
CVE-2020-29587
CVE-2020-29587 affects SimplCommerce 1.0.0-rc. The root cause is that the Bootbox.js library used for Bootstrap modal dialogs does not sanitize user input and uses jQuery .html() to append payloads, resulting in a DOM XSS vulnerability. Exploitation details are not provided in the documents, but ...
Simplcommerce Cross-Site Scripting Vulnerability
Simplcommerce is a .Net-based e-commerce platform from the individual developer Simplcommerce. SimplCommerce 1.0.0-rc suffers from a cross-site scripting vulnerability in which the Bootbox.js library does not perform any sanitization of user input. No details of the vulnerability are provided at...