34 matches found
CVE-2021-32607
CVE-2021-32607 concerns SmartStoreNET (SmartStore) up to version 4.1.1, where private messages rendered in Views/PrivateMessages/View.cshtml were not sanitized. The root cause, as described in the connected documentation, is a sanitize-then-transform pattern failure: user-controlled text is encod...
CVE-2021-32608
CVE-2021-32608 affects SmartStoreNET up to version 4.1.1. The root cause is that Views/Boards/Partials/_ForumPost.cshtml renders user-controlled forum post text (FormattedText) without persistent sanitization, enabling a sanitize-then-transform issue. The vulnerability is demonstrated via Cross-S...
Smartstore SmartStoreNET Cross-Site Request Forgery Vulnerability
Smartstore SmartStoreNET is an open source e-commerce web platform from the German company Smartstore. The platform includes CRM, CMS, sales, marketing, payment, order processing and other functions. A cross-site request forgery vulnerability exists in Smartstore SmartStoreNET versions prior to 4.1.0...
CVE-2020-27997
An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross-Site Request Forgery (CSRF) protection may lead to elevation of privileges, e.g., /admin/customer/create to create an admin account...
CVE-2020-27997
An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross-Site Request Forgery (CSRF) protection may lead to elevation of privileges, e.g., /admin/customer/create to create an admin account...
Cross-site request forgery (CSRF)
An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross-Site Request Forgery (CSRF) protection may lead to elevation of privileges, e.g., /admin/customer/create to create an admin account...
CVE-2020-27997
CVE-2020-27997 affects SmartStoreNET before 4.1.0. The issue is a CSRF protection gap that may allow elevation of privileges, for example by calling /admin/customer/create to create an admin account. The available documents confirm the vulnerability's existence and context but do not provide conc...
CVE-2020-27997
An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross-Site Request Forgery (CSRF) protection may lead to elevation of privileges, e.g., /admin/customer/create to create an admin account...
Smartstore SmartStoreNET Cross-Site Request Forgery Vulnerability
Smartstore SmartStoreNET is an open source e-commerce web platform from the German company Smartstore. The platform includes CRM, CMS, sales, marketing, payment, order processing and other functions. A cross-site request forgery vulnerability exists in Smartstore SmartStoreNET versions prior to 4.1.0...
CVE-2020-27996
An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations...
CVE-2020-27996
An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations...
Design/Logic Flaw
An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations...
CVE-2020-27996
An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations...
CVE-2020-27996
"CVE-2020-27996 affects SmartStoreNET