Lucene search
K

45 matches found

CNVD
CNVD
added 2021/05/21 12:0 a.m.6 views

Smartstore SmartStoreNET Directory Traversal Vulnerability

Smartstore SmartStoreNET is an open source e-commerce Web platform of Germany Smartstore company . The platform includes CRM, CMS, sales, marketing, payment, order processing and other functions. A security vulnerability exists in Smartstore versions prior to 4.1.0 that allows path traversal in...

9.1CVSS6.7AI score0.01802EPSS
Exploits1References1
CNVD
CNVD
added 2021/05/21 12:0 a.m.4 views

Unspecified Vulnerability in Smartstore SmartStoreNET

Smartstore SmartStoreNET is an open source e-commerce Web platform of Germany Smartstore company . The platform includes CRM, CMS, sales, marketing, payment, order processing and other functions. A security vulnerability exists in Smartstore that allows CommonController.ClearCache,...

6.1CVSS6.7AI score0.02575EPSS
Exploits1References1
NVD
NVD
added 2021/05/19 7:15 p.m.36 views

CVE-2020-36364

An issue was discovered in Smartstore aka SmartStoreNET before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal for copy and delete actions in the ImportController.Create method via a TempFileName field...

9.1CVSS0.01802EPSS
Exploits1References2
OSV
OSV
added 2021/05/19 7:15 p.m.9 views

CVE-2020-36365

Smartstore aka SmartStoreNET before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect...

6.1CVSS6.9AI score
Exploits0References1
Prion
Prion
added 2021/05/19 7:15 p.m.15 views

Path traversal

An issue was discovered in Smartstore aka SmartStoreNET before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal for copy and delete actions in the ImportController.Create method via a TempFileName field...

6.4CVSS9AI score0.01802EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/05/19 6:57 p.m.23 views

CVE-2020-36365

Smartstore aka SmartStoreNET before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect...

6.3AI score0.02575EPSS
Exploits1References1
CVE
CVE
added 2021/05/19 6:57 p.m.74 views

CVE-2020-36365

Smartstore (aka SmartStoreNET) before 4.1.0 contains an open redirect vulnerability exploitable via CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit. An attacker can redirect a logged-in user to a malicious site, potentially enabling phishing or...

6.1CVSS6.2AI score0.02575EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/05/19 6:57 p.m.42 views

CVE-2020-36364

An issue was discovered in Smartstore aka SmartStoreNET before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal for copy and delete actions in the ImportController.Create method via a TempFileName field...

9.2AI score0.01802EPSS
Exploits1References2
CVE
CVE
added 2021/05/19 6:57 p.m.55 views

CVE-2020-36364

CVE-2020-36364 affects Smartstore/SmartStoreNET prior to 4.1.0. The issue arises in Administration/Controllers/ImportController.cs (ImportController.Create) where a TempFileName field enables path traversal during copy and delete actions. The publicly documented impact is classic path traversal, ...

9.1CVSS9.1AI score0.01802EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/05/19 12:0 a.m.5 views

Smartstore SmartStoreNET 输入验证错误漏洞

Smartstore SmartStoreNET is an open source e-commerce Web platform of Germany Smartstore company . The platform includes CRM, CMS, sales, marketing, payment, order processing and other functions. A security vulnerability exists in Smartstore that allows CommonController.ClearCache,...

6.1CVSS5.6AI score0.02575EPSS
Exploits1References1
OSV
OSV
added 2021/05/12 3:15 p.m.19 views

CVE-2021-32607

An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message...

9.8CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2021/05/12 3:15 p.m.10 views

CVE-2021-32608

An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/Boards/Partials/ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post...

9.8CVSS6.9AI score
Exploits0References2
Prion
Prion
added 2021/05/12 3:15 p.m.11 views

Hardcoded credentials

An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/Boards/Partials/ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post...

7.5CVSS9.3AI score0.33442EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/05/12 2:43 p.m.20 views

CVE-2021-32607

An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message...

9.6AI score0.33442EPSS
Exploits1References2
CVE
CVE
added 2021/05/12 2:43 p.m.52 views

CVE-2021-32607

CVE-2021-32607 concerns SmartStoreNET (SmartStore) up to version 4.1.1, where private messages rendered in Views/PrivateMessages/View.cshtml were not sanitized. The root cause, as described in the connected documentation, is a sanitize-then-transform pattern failure: user-controlled text is encod...

9.8CVSS9.4AI score0.33442EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/05/12 2:43 p.m.18 views

CVE-2021-32608

An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/Boards/Partials/ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post...

9.6AI score0.33442EPSS
Exploits1References2
CVE
CVE
added 2021/05/12 2:43 p.m.62 views

CVE-2021-32608

CVE-2021-32608 affects SmartStoreNET up to version 4.1.1. The root cause is that Views/Boards/Partials/_ForumPost.cshtml renders user-controlled forum post text (FormattedText) without persistent sanitization, enabling a sanitize-then-transform issue. The vulnerability is demonstrated via Cross-S...

9.8CVSS9.4AI score0.33442EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/05/12 12:0 a.m.4 views

Smartstore SmartStoreNET 安全漏洞

Sanitize is an HTML and CSS cleaner by Ryan Grove, an individual developer in the United States, which supports removing HTML and CSS from strings and more. A security vulnerability exists in Smartstore version 4.1.1. The vulnerability stems from the fact that the program will not call...

9.8CVSS5.6AI score0.33442EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2021/05/12 12:0 a.m.5 views

PT-2021-19804 · Unknown · Smartstore

Name of the Vulnerable Software and Affected Versions: Smartstore aka SmartStoreNET versions through 4.1.1 Description: An issue was discovered where Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message, potentially leading to issues with private message...

9.8CVSS9.4AI score0.33442EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2021/05/12 12:0 a.m.5 views

PT-2021-19805 · Unknown · Smartstore

Name of the Vulnerable Software and Affected Versions: Smartstore aka SmartStoreNET versions through 4.1.1 Description: An issue was discovered where the Views/Boards/Partials/ ForumPost.cshtml file does not call HtmlUtils.SanitizeHtml on certain text for a forum post, potentially leading to issu...

9.8CVSS9.3AI score0.33442EPSS
Exploits1References6
Rows per page
Query Builder