45 matches found
Smartstore SmartStoreNET Directory Traversal Vulnerability
Smartstore SmartStoreNET is an open source e-commerce Web platform of Germany Smartstore company . The platform includes CRM, CMS, sales, marketing, payment, order processing and other functions. A security vulnerability exists in Smartstore versions prior to 4.1.0 that allows path traversal in...
Unspecified Vulnerability in Smartstore SmartStoreNET
Smartstore SmartStoreNET is an open source e-commerce Web platform of Germany Smartstore company . The platform includes CRM, CMS, sales, marketing, payment, order processing and other functions. A security vulnerability exists in Smartstore that allows CommonController.ClearCache,...
CVE-2020-36364
An issue was discovered in Smartstore aka SmartStoreNET before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal for copy and delete actions in the ImportController.Create method via a TempFileName field...
CVE-2020-36365
Smartstore aka SmartStoreNET before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect...
Path traversal
An issue was discovered in Smartstore aka SmartStoreNET before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal for copy and delete actions in the ImportController.Create method via a TempFileName field...
CVE-2020-36365
Smartstore aka SmartStoreNET before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect...
CVE-2020-36365
Smartstore (aka SmartStoreNET) before 4.1.0 contains an open redirect vulnerability exploitable via CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit. An attacker can redirect a logged-in user to a malicious site, potentially enabling phishing or...
CVE-2020-36364
An issue was discovered in Smartstore aka SmartStoreNET before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal for copy and delete actions in the ImportController.Create method via a TempFileName field...
CVE-2020-36364
CVE-2020-36364 affects Smartstore/SmartStoreNET prior to 4.1.0. The issue arises in Administration/Controllers/ImportController.cs (ImportController.Create) where a TempFileName field enables path traversal during copy and delete actions. The publicly documented impact is classic path traversal, ...
Smartstore SmartStoreNET 输入验证错误漏洞
Smartstore SmartStoreNET is an open source e-commerce Web platform of Germany Smartstore company . The platform includes CRM, CMS, sales, marketing, payment, order processing and other functions. A security vulnerability exists in Smartstore that allows CommonController.ClearCache,...
CVE-2021-32607
An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message...
CVE-2021-32608
An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/Boards/Partials/ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post...
Hardcoded credentials
An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/Boards/Partials/ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post...
CVE-2021-32607
An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message...
CVE-2021-32607
CVE-2021-32607 concerns SmartStoreNET (SmartStore) up to version 4.1.1, where private messages rendered in Views/PrivateMessages/View.cshtml were not sanitized. The root cause, as described in the connected documentation, is a sanitize-then-transform pattern failure: user-controlled text is encod...
CVE-2021-32608
An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/Boards/Partials/ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post...
CVE-2021-32608
CVE-2021-32608 affects SmartStoreNET up to version 4.1.1. The root cause is that Views/Boards/Partials/_ForumPost.cshtml renders user-controlled forum post text (FormattedText) without persistent sanitization, enabling a sanitize-then-transform issue. The vulnerability is demonstrated via Cross-S...
Smartstore SmartStoreNET 安全漏洞
Sanitize is an HTML and CSS cleaner by Ryan Grove, an individual developer in the United States, which supports removing HTML and CSS from strings and more. A security vulnerability exists in Smartstore version 4.1.1. The vulnerability stems from the fact that the program will not call...
PT-2021-19804 · Unknown · Smartstore
Name of the Vulnerable Software and Affected Versions: Smartstore aka SmartStoreNET versions through 4.1.1 Description: An issue was discovered where Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message, potentially leading to issues with private message...
PT-2021-19805 · Unknown · Smartstore
Name of the Vulnerable Software and Affected Versions: Smartstore aka SmartStoreNET versions through 4.1.1 Description: An issue was discovered where the Views/Boards/Partials/ ForumPost.cshtml file does not call HtmlUtils.SanitizeHtml on certain text for a forum post, potentially leading to issu...