29 matches found
CVE-2020-37081
Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database manageme...
EUVD-2020-30994
Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database manageme...
CVE-2024-44661
PHPGurukul Online Shopping Portal 2.0 is vulnerable to Cross Site Scripting XSS via the quantity parameter in my-cart.php...
PT-2025-47199
Name of the Vulnerable Software and Affected Versions PHPGurukul Online Shopping Portal version 2.0 Description The PHPGurukul Online Shopping Portal is susceptible to a Cross Site Scripting XSS issue. This flaw is located in the my-cart.php file and specifically affects the quantity parameter...
CVE-2025-11478
CVE-2025-11478 affects SourceCodester Farm Management System 1.0. The vulnerability stems from manipulation of the pid parameter in /myCart.php, enabling SQL injection and remote exploitation. Public exploits exist. Multiple connected sources corroborate the flaw, but there is no information in t...
EUVD-2020-15565
Malware in sbrugna...
EUVD-2025-18899
Malicious code in bioql PyPI...
CVE-2019-5979
Cross-site request forgery CSRF vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...
CampCodes Online Shopping Portal 注入漏洞
CampCodes Online Shopping Portal is an online shopping portal from CampCodes, Inc. CampCodes Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter billingaddress in file /my-cart.php. An...
GHSA-R728-JWF5-F5R5 Magento Reflected cross-site scripting on customer cart page
A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by sending a victim a crafted URL that results in malicious javascript execution in the victim's...
Magento Reflected cross-site scripting on customer cart page
A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by sending a victim a crafted URL that results in malicious javascript execution in the victim's...
CVE-2020-22808
An issue was found in yii2fecshop 2.x. There is a reflected XSS vulnerability in the check cart page...
Cross site scripting
An issue was found in yii2fecshop 2.x. There is a reflected XSS vulnerability in the check cart page...
CVE-2020-22808
CVE-2020-22808 affects yii2_fecshop 2.x with a reflected XSS vulnerability on the check cart page. The available documents attribute the issue to improper handling/encoding of user-supplied input leading to reflected script execution. Impact details are noted in the CVSS metadata (CVSSv3.1: base ...
yii2_fecshop 跨站脚本漏洞
yii2fecshop is an application system . Based on php Yii2 framework on top of the development of an excellent open source e-commerce system. A security vulnerability exists in version 2.x of yii2fecshop, which stems from a reflected XSS vulnerability in the shopping cart page...
WordPress Personalized WooCommerce Cart Page plugin <= 2.4 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability found by Cryptography Laboratory in WordPress Personalized WooCommerce Cart Page plugin versions = 2.4. Solution Update the WordPress Personalized WooCommerce Cart Page plugin to the latest available version at least 2.5...
CVE-2019-5979
Cross-site request forgery CSRF vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...
CVE-2019-5979
Cross-site request forgery CSRF vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...
CVE-2019-5979
Summary (CVE-2019-5979): A CSRF flaw in the WordPress plugin “Personalized WooCommerce Cart Page” (versions 2.4 and earlier) could allow remote attackers to hijack administrator accounts through unspecified vectors. Public references consistently identify the affected component as the Personalize...