Lucene search
K

6 matches found

CNNVD
CNNVD
added 2024/01/13 12:0 a.m.4 views

EverShop Security Breach

EverShop is a NodeJS e-commerce platform open-sourced by EverShop. A security vulnerability exists in EverShop versions prior to 1.0.0-rc.8, which stems from the HMAC secret used to generate tokens being hardcoded as "secret"...

9.1CVSS6.7AI score0.00498EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/01/13 12:0 a.m.6 views

EverShop Security Breach

EverShop is a NodeJS e-commerce platform open-sourced by EverShop. A security vulnerability exists in EverShop versions prior to 1.0.0-rc.8 that stems from a lack of authentication. An attacker exploited the vulnerability to obtain sensitive information through incorrect authorization in a GraphQ...

7.5CVSS6.4AI score0.00732EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/12/08 8:15 p.m.4 views

CVE-2023-46495

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter...

6.1CVSS5.8AI score0.00494EPSS
Exploits0References3
OSV
OSV
added 2023/12/08 8:15 p.m.9 views

CVE-2023-46498

An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file...

9.8CVSS6.1AI score0.01285EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/12/08 8:15 p.m.4 views

CVE-2023-46498

An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file...

9.8CVSS6.1AI score0.01285EPSS
Exploits0References3
OSV
OSV
added 2023/12/08 8:15 p.m.6 views

CVE-2023-46496

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint...

8.3CVSS5.8AI score0.01186EPSS
Exploits0References2
Rows per page
Query Builder