14 matches found
CVE-2026-44376 CubeCart: Reflected XSS in Store Search Bar
CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the CubeCart v6.x search feature. Due to a logic flaw in classes/catalogue.class.php, user input is reflected without sanitization only when a search returns exactly one product...
CubeCart Cross-Site Scripting Vulnerability
CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.7.0 had a cross-site scripting vulnerability. This vulnerability stemmed from a logical flaw in the search function. When only one product was returned during a search, unsanitized user input was...
PT-2026-40805
Name of the Vulnerable Software and Affected Versions: CubeCart versions prior to 6.7.0 Description: An unauthenticated Reflected Cross-Site Scripting (XSS) issue exists in the search feature. A logic flaw in the classes/catalogue.class.php file allows user input to be reflected without sanitization...
CVE-2026-5110
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping in the SingleProduct field when used inside a Repeater field. When SingleProduct fields are...
CVE-2026-5110
The Gravity Forms WordPress plugin (versions
CVE-2026-5110 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Single Product Field Inside Repeater
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping in the SingleProduct field when used inside a Repeater field. When SingleProduct fields are...
CVE-2026-5110
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping in the SingleProduct field when used inside a Repeater field. When SingleProduct fields are...
PT-2026-36574
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping in the SingleProduct field when used inside a Repeater field. When SingleProduct fields are...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization via the mass-delete endpoint. An attacker can delete products without proper authorization by sending a POST request to the bulk deletion endpoint, even when only a single product ID is provided. Remediation: Upgrad...
CVE-2023-23156
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page...
CVE-2023-23156
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page...
CVE-2023-23156
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page...
CVE-2023-23156
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page...
PT-2023-18863 · Unknown · Art Gallery Management System Project
Name of the Vulnerable Software and Affected Versions: Art Gallery Management System Project in PHP version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the pid parameter in the single-product page. Recommendations: For Art Galler...