18 matches found
CVE-2025-13002
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting XSS.This issue affects E-Commerce Package: through 27112025...
CVE-2025-13004
Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables.This issue affects E-Commerce Package: through 27112025...
CVE-2025-13002
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting XSS.This issue affects E-Commerce Package: through 27112025...
CVE-2025-13004
Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables.This issue affects E-Commerce Package: through 27112025...
CVE-2025-13004 IDOR in Farktor Software's E-Commerce Package
Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables.This issue affects E-Commerce Package: through 27112025...
CVE-2025-13002 XSS in Farktor Software's E-Commerce Package
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting XSS.This issue affects E-Commerce Package: through 27112025...
CVE-2025-13002 XSS in Farktor Software's E-Commerce Package
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting XSS.This issue affects E-Commerce Package: through 27112025...
CVE-2025-13002
CVE-2025-13002 concerns an XSS in Farktor Software’s E-Commerce Package (E-Commerce Services Inc.). The issue arises from Improper Neutralization of Input During Web Page Generation and affects versions up to 27112025. The CVSS‑3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H with a base score o...
CVE-2025-10969 SQLi in Farktor Software's E-Commerce Package
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection.This issue affects E-Commerce Package: through 27112025...
CVE-2025-10969
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection.This issue affects E-Commerce Package: through 27112025...
CVE-2025-10969
CVE-2025-10969 is a SQL Injection vulnerability in Farktor Software E-Commerce Package (through 27112025). The issue arises from improper neutralization of special elements in SQL commands, enabling Blind SQL Injection. CVSS v3.1 base score is 9.8 (CRITICAL) with NETWORK attack vector, no privile...
PT-2026-7842
Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables.This issue affects E-Commerce Package: through 27112025...
Farktor E-Commerce Package SQL注入漏洞
Farktor E-Commerce Package is an e-commerce platform developed by the Turkish company Farktor. The Farktor E-Commerce Package versions 27112025 and earlier have a SQL injection vulnerability. This vulnerability stems from improper neutralization of special elements, which may lead to blind SQL...
PT-2026-7840
Name of the Vulnerable Software and Affected Versions Farktor Software E-Commerce Package versions through 27112025 Description The software contains an improper neutralization of special elements used in an SQL command, leading to a Blind SQL Injection issue. This allows for potential unauthoriz...
PT-2026-7841
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting XSS.This issue affects E-Commerce Package: through 27112025...
CVE-2021-26631
The CVE-2021-26631 entry concerns Mangboard commerce package: an improper input validation vulnerability that allows a remote attacker to manipulate an order’s total amount to a negative value and complete payment. Public sources mention affected versions prior to 1.3.8 (CNNVD), with additional d...
E-commerce Cross site scripting vulnerability
It is possible for a malicious user with the 'create products' permission to insert and execute XSS Cross Site Scripting, due to lack of validation on output. This may lead to administrator access if certain conditions are met. Learn more about XSS on Wikipedia. The create products permission is...
AgoraCart agora.cgi cart_id Parameter XSS
Agora is a CGI-based, e-commerce package. Due to poor input validation, Agora allows an attacker to execute cross-site scripting attacks. %NASLMINLEVEL 70300 This script was written by Matt Moore See the Nessus Scripts License for details include'deprecatednasllevel.inc'; include'compat.inc'; if...