23 matches found
Authentication Bypass
Thelia is vulnerable to Authentication Bypass. The vulnerability is due to improper authentication which allows an attacker to bypass customer and admin authentication...
Cross-Site Scripting
thelia/thelia is vulnerable to Cross-site Scripting. The vulnerability is due to insufficient sanitization within the error.html template of the BackOffice. This allows attackers to inject malicious scripts that can be executed in the browsers of users visiting the affected page...
Cross-site Scripting (XSS)
Thelia is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization within the error.html template, which allows an attacker to inject and execute malicious scripts...
GHSA-G8PG-33V4-9R96 Thelia authentication bypass vulnerability
An authentication bypass was identified in the thelia/thelia project for customer and admin. This vulnerability is present from version 2.1.0-beta1 and is fixed in 2.1.3 and 2.2.0-alpha1...
Thelia authentication bypass vulnerability
An authentication bypass was identified in the thelia/thelia project for customer and admin. This vulnerability is present from version 2.1.0-beta1 and is fixed in 2.1.3 and 2.2.0-alpha1...
GHSA-PP7V-WXX9-HM6R Thelia BackOffice default template vulnerable to Cross-site Scripting
The error.html template of the Thelia BackOffice has a cross-site scripting vulnerability in versions 2.1.0 and 2.1.1 but not version 2.0.X. Version 2.1.2 contains a patch for the issue...
Thelia BackOffice default template vulnerable to Cross-site Scripting
The error.html template of the Thelia BackOffice has a cross-site scripting vulnerability in versions 2.1.0 and 2.1.1 but not version 2.0.X. Version 2.1.2 contains a patch for the issue...
Thelia Cross-site Scripting vulnerability in BackOffice
The error.html template of the Thelia BackOffice has a cross-site scripting vulnerability in versions 2.1.0 and 2.1.1 but not version 2.0.X. Version 2.1.2 contains a patch for the issue...
GHSA-VQ4J-QCX7-PPC6 Thelia Cross-site Scripting vulnerability in BackOffice
The error.html template of the Thelia BackOffice has a cross-site scripting vulnerability in versions 2.1.0 and 2.1.1 but not version 2.0.X. Version 2.1.2 contains a patch for the issue...
PT-2024-40295 · Thelia · Thelia
Name of the Vulnerable Software and Affected Versions: thelia/thelia versions 2.1.0-beta1 through 2.1.2 Description: An authentication bypass issue was identified, affecting both customer and admin authentication. Recommendations: For thelia/thelia versions 2.1.0-beta1 through 2.1.2, update to...
PT-2024-40486 · Thelia · Thelia
Name of the Vulnerable Software and Affected Versions: Thelia versions 2.1.0 through 2.1.1 Description: The BackOffice of Thelia has a cross-site scripting issue in the error.html template. This issue is resolved in version 2.1.2. Recommendations: For Thelia versions 2.1.0 and 2.1.1, update to...
PT-2024-40404 · Thelia · Thelia
Name of the Vulnerable Software and Affected Versions: Thelia versions 2.1.0 through 2.1.1 Description: The BackOffice of Thelia has a cross-site scripting issue in the error.html template. Recommendations: For versions 2.1.0 and 2.1.1, update to version 2.1.2 to resolve the issue...
Thelia 2.2.1 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Thelia 2.2.1 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/29/2015 Disclosed to public: 11/13/2015 Release mode: Full...
THELIA 1.4.2.1 Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/37855/info THELIA is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the brows...
Thelia 1.3.5 - Multiple Vulnerabilities Exploit
No description provided by source. #!/usr/bin/php <?php ------- Thelia 1.3.5 Multiple Vulnerability Exploit http://www.thelia.fr/ THELIA is a scalable e-commerce software package. THELIA stands out from competing applications through its ease of customization. A new version 1.3.6.1 is...
Thelia 1.5.1 Cross Site Scripting
HTTPCS Advisory : HTTPCS30 Product : Thelia Version : 1.5.1 Date : 2012-07-11 Criticality level : Less Critical Description : A vulnerability has been discovered in Thelia, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'lang' parameter to...
THELIA 1.4.2.1 Multiple Cross-Site Scripting Vulnerabilities
THELIA 1.4.2.1 Multiple Cross Site Scripting Vulnerabilities. Webapps exploit for php platform source: http://www.securityfocus.com/bid/37855/info THELIA is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage...
Thelia 1.4.2.1 Cross Site Scripting
Exploit Title: Thelia Date: 17/01/2010 Author: EsSandRe Software Link: http://www.thelia.fr/fichiers/thelia1.4.2.1.zip Version: 1.4.2.1 Tested on: / XSS vulnerability in the 'motcle' POST variable http://localhost/recherche.php A second one in the "ref" variable in the...
thelia-multi.txt
!/usr/bin/php | | URL: http://blackh.free.fr - http://blackh.eu | ======================================================================== | $system $argv0 -url -a -n -f | | Notes: -url ex: http://victim.com/site/ | | -a 1 : Validate Command without Payment | | -n Commmand number ex: CDE5627JOC |...
Thelia 1.3.5 - Multiple Vulnerabilities
!/usr/bin/php | | URL: http://blackh.free.fr - http://blackh.eu | ======================================================================== | $system $argv0 -url -a -n -f | | Notes: -url ex: http://victim.com/site/ | | -a 1 : Validate Command without Payment | | -n Commmand number ex: CDE5627JOC |...