CVE-2024-50945
An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product...
SimplCommerce Security Vulnerability
SimplCommerce is a simple, cross-platform, modular open source e-commerce system built on .NET. A security vulnerability exists in SimplCommerce. An attacker could exploit the vulnerability to bypass inventory limits and submit simultaneous purchase requests for the same product from...
CVE-2024-50945
CVE-2024-50945 concerns SimplCommerce. A commit (230310c8d7a0408569b292c5a805c459d47a1d8f) exhibits an improper access control in the review submission flow, allowing users to post reviews without confirming product purchase. Affected product: SimplCommerce (review system). Impact stated in sourc...
PT-2024-34465 · Unknown · Simplcommerce
Name of the Vulnerable Software and Affected Versions: SimplCommerce version at commit 230310c8d7a0408569b292c5a805c459d47a1d8f SimplCommerce version 1.0.0 Description: An integer overflow vulnerability exists in the shopping cart functionality of SimplCommerce. The issue lies in the quantity...
PT-2024-34466 · Unknown · Simplcommerce
Name of the Vulnerable Software and Affected Versions: SimplCommerce version 230310c8d7a0408569b292c5a805c459d47a1d8f Description: An improper access control issue exists, allowing users to submit reviews without verifying if they have purchased the product. This issue affects the review system,...
CVE-2020-27478
Cross Site Scripting vulnerability found in Simplcommerce v.40734964b0811f3cbaf64b6dac261683d256f961 thru 3103357200c70b4767986544e01b19dbf11505a7 allows a remote attacker to execute arbitrary code via a crafted script to the search bar feature...
Simplcommerce Security Vulnerability
Simplcommerce is a .NET-based e-commerce platform maintained by an individual developer. A security vulnerability exists in Simplcommerce. A remote attacker can exploit the vulnerability to execute arbitrary code in the search bar function via a specially crafted script...
CVE-2020-27478
Summary of CVE-2020-27478 (SimplCommerce): A Cross Site Scripting vulnerability exists in SimplCommerce versions from 40734964b0811f3cbaf64b6dac261683d256f961 through 3103357200c70b4767986544e01b19dbf11505a7. The underlying issue is a crafted script injected into the search bar, enabling a remote...
PT-2024-10807 · Unknown · Simplcommerce
Name of the Vulnerable Software and Affected Versions: Simplcommerce versions 40734964b0811f3cbaf64b6dac261683d256f961 through 3103357200c70b4767986544e01b19dbf11505a7 Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via a crafted script to the search b...
Business Logic Errors in simplcommerce/simplcommerce
Description: SimplCommerce allows negative product, allowing one to get products for free. The fix here https://github.com/simplcommerce/SimplCommerce/issues/971 does not work because client-side controls can be bypassed by modifying the POST request. Proof of Concept 1: Add one $75 and $25 item in...
Simplcommerce Cross-Site Scripting Vulnerability
Simplcommerce is a .NET-based e-commerce platform maintained by an individual developer. SimplCommerce 1.0.0-rc suffers from a cross-site scripting vulnerability in which the Bootbox.js library does not perform any sanitization of user input. No details of the vulnerability are provided at...
CVE-2020-29587
SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html function to directly...
Design/Logic Flaw
SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html function to directly...
CVE-2020-29587
CVE-2020-29587 affects SimplCommerce 1.0.0-rc. The root cause is that the Bootbox.js library used for Bootstrap modal dialogs does not sanitize user input and uses jQuery .html() to append payloads, resulting in a DOM XSS vulnerability. Exploitation details are not provided in the documents, but ...