
46 matches found

RedhatCVE
added 2026/01/09 9:55 a.m. · 4 views

CVE-2020-12058

Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/orderstatus.php, catalog/admin/taxrates.php, catalog/admin/languages.php,...

6.1 CVSS · 6.7 AI score · 0.0045 EPSS
Exploits 0 · References 1

NVD
added 2025/12/11 10:15 p.m. · 1 view

CVE-2024-58296

CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page...

5.3 CVSS · 0.00068 EPSS
Exploits 0 · References 5

Vulnrichment
added 2025/12/11 9:38 p.m. · 2 views

CVE-2024-58296 CE Phoenix v3.0.1 Stored Cross-Site Scripting via admin/currencies.php

CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page...

5.3 CVSS · 5.5 AI score · 0.00068 EPSS
Exploits 0 · References 5

Cvelist
added 2025/12/11 9:38 p.m. · 16 views

CVE-2024-58296 CE Phoenix v3.0.1 Stored Cross-Site Scripting via admin/currencies.php

CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page...

5.3 CVSS · 0.00068 EPSS
Exploits 0 · References 5

CNNVD
added 2025/12/11 12:0 a.m. · 3 views

CE Phoenix Cross-Site Scripting Vulnerability

CE Phoenix is a powerful e-commerce store from Phoenix Cart open source. A cross-site scripting vulnerability exists in CE Phoenix version v3.0.1, which stems from the presence of stored cross-site scripting in the Currency Management Panel that could lead to the execution of arbitrary JavaScript...

5.3 CVSS · 6.1 AI score · 0.00068 EPSS
Exploits 0 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2020-4374

Malware in sbrugna...

6.1 CVSS · 6.3 AI score · 0.0045 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-16641

Malicious code in bioql PyPI...

9 CVSS · 6.5 AI score · 0.0013 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/06/04 11:20 a.m. · 4 views

CVE-2025-47272

The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public machine) could...

5.5 CVSS · 6.8 AI score · 0.0006 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/06/04 11:20 a.m. · 6 views

CVE-2025-47289

CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner (admin)...

9 CVSS · 5.4 AI score · 0.0013 EPSS
Exploits 0 · References 1

NVD
added 2025/06/02 11:15 a.m. · 6 views

CVE-2025-47272

The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public machine) could...

5.5 CVSS · 0.0006 EPSS
Exploits 0 · References 2

NVD
added 2025/06/02 11:15 a.m. · 14 views

CVE-2025-47289

CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner (admin)...

9 CVSS · 0.0013 EPSS
Exploits 0 · References 2

Cvelist
added 2025/06/02 11:0 a.m. · 9 views

CVE-2025-47289 Stored XSS in CE Phoenix Cart Testimonials Allows Account Takeover if Missing HttpOnly Flag

CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner (admin)...

6.3 CVSS · 0.0013 EPSS
Exploits 0 · References 2

OSV
added 2025/06/02 11:0 a.m. · 4 views

CVE-2025-47289 Stored XSS in CE Phoenix Cart Testimonials Allows Account Takeover if Missing HttpOnly Flag

CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner (admin)...

6.3 CVSS · 5.6 AI score · 0.0013 EPSS
Exploits 0 · References 4

Vulnrichment
added 2025/06/02 11:0 a.m. · 12 views

CVE-2025-47289 Stored XSS in CE Phoenix Cart Testimonials Allows Account Takeover if Missing HttpOnly Flag

CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner (admin)...

6.3 CVSS · 5.4 AI score · 0.0013 EPSS
Exploits 0 · References 2

CVE
added 2025/06/02 11:0 a.m. · 41 views

CVE-2025-47289

Summary: CVE-2025-47289 is a stored XSS in CE Phoenix (versions 1.0.9.9–1.1.0.2) where an attacker can inject JavaScript into the testimonial description. When an admin approves the testimonial, the script runs in the context of any visiting user, and cookies may be exfiltrated because they are n...

9 CVSS · 6 AI score · 0.0013 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2025/06/02 10:47 a.m. · 2 views

CVE-2025-47272 PhoenixCart Vulnerable to Account Deletion Without Password Confirmation

The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public machine) could...

5.5 CVSS · 6.7 AI score · 0.0006 EPSS
Exploits 0 · References 4

CNNVD
added 2025/06/02 12:0 a.m. · 2 views

CE Phoenix Cart Access Control Error Vulnerability

CE Phoenix Cart is a free, open source e-commerce shopping cart software from CE Phoenix Cart Open Source. An access control error vulnerability exists in CE Phoenix Cart versions prior to 1.0.9.7 through 1.1.0.3, which stems from a lack of password revalidation when deleting an account, which...

5.5 CVSS · 6.6 AI score · 0.0006 EPSS
Exploits 0 · References 4

Positive Technologies
added 2025/06/02 12:0 a.m. · 3 views

PT-2025-23491 · Unknown · Ce Phoenix

Name of the Vulnerable Software and Affected Versions: CE Phoenix eCommerce platform versions 1.0.9.7 through 1.1.0.3
Description: The issue allows logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session...

5.5 CVSS · 6.4 AI score · 0.0006 EPSS
Exploits 0 · References 6

Positive Technologies
added 2025/06/02 12:0 a.m. · 3 views

PT-2025-23496 · Unknown · Ce Phoenix

Name of the Vulnerable Software and Affected Versions: CE Phoenix versions 1.0.9.9 through 1.1.0.2
Description: A stored cross-site scripting (XSS) issue was found in CE Phoenix, where an attacker can inject malicious JavaScript into the testimonial description field. If the shop owner approves the...

9 CVSS · 5.2 AI score · 0.0013 EPSS
Exploits 0 · References 6

RedhatCVE
added 2025/05/23 9:46 a.m. · 8 views

CVE-2024-25415

A remote code execution (RCE) vulnerability in /admin/definelanguage.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php...

7.2 CVSS · 7.5 AI score · 0.07681 EPSS
Exploits 1 · References 1