45 matches found
Smartstore <4.1.0 - Open Redirect
Smartstore aka "SmartStoreNET" before 4.1.0 contains an open redirect vulnerability via CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data,...
EUVD-2021-19447
Malware in sbrugna...
EUVD-2020-7264
Malware in sbrugna...
EUVD-2020-23901
Malware in sbrugna...
EUVD-2020-23902
Malware in sbrugna...
EUVD-2021-19448
Malware in sbrugna...
EUVD-2025-30390
Malicious code in bioql PyPI...
CVE-2025-10778
A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...
CVE-2025-10778
A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...
CVE-2025-10778
Vulnerability summary (CVE-2025-10778) : A race condition exists in the Gift Voucher Handler component of Smartstore, located in the unknown function within the /checkout/confirm/ path, affecting Smartstore versions up to 6.2.0 (and addressed in later advisories recommending 6.2.1+). The issue ca...
CVE-2025-10778 Smartstore Gift Voucher confirm race condition
A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...
CVE-2025-10778 Smartstore Gift Voucher confirm race condition
A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...
PT-2025-38677
Name of the Vulnerable Software and Affected Versions Smartstore versions prior to 6.2.1 Description A race condition exists in the Gift Voucher Handler component of Smartstore. The issue is located in an unknown function within the /checkout/confirm/ file. The attack can be initiated remotely an...
Smartstore 竞争条件问题漏洞
Smartstore is an e-commerce platform open-sourced by Smartstore AG. A Competitive Condition Issue vulnerability exists in Smartstore version 6.2.0 and earlier, which stems from a competitive condition in file/checkout/confirm in the component Gift Voucher Handler, which could lead to a remote...
CVE-2021-32607
An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message...
CVE-2021-32608
An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/Boards/Partials/ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post...
CVE-2020-36365
Smartstore aka SmartStoreNET before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect...
CVE-2020-36364
An issue was discovered in Smartstore aka SmartStoreNET before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal for copy and delete actions in the ImportController.Create method via a TempFileName field...
CVE-2020-15243
Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the...
Sanitize has an unspecified vulnerability
Sanitize is an HTML and CSS cleaner by Ryan Grove, an individual developer in the United States, which supports removing HTML and CSS from strings and more. A security vulnerability exists in Smartstore version 4.1.1. The vulnerability stems from the fact that the program will not call...