6 matches found
EverShop Security Breach
EverShop is a NodeJS e-commerce platform open-sourced by EverShop. A security vulnerability exists in EverShop versions prior to 1.0.0-rc.8, which stems from the HMAC secret used to generate tokens being hardcoded as "secret"...
EverShop Security Breach
EverShop is a NodeJS e-commerce platform open-sourced by EverShop. A security vulnerability exists in EverShop versions prior to 1.0.0-rc.8 that stems from a lack of authentication. An attacker exploited the vulnerability to obtain sensitive information through incorrect authorization in a GraphQ...
CVE-2023-46495
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter...
CVE-2023-46498
An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file...
CVE-2023-46498
An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file...
CVE-2023-46496
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint...