33 matches found
CVE-2022-33077
An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint...
EUVD-2020-12597
Malware in sbrugna...
EUVD-2021-22659
Malware in sbrugna...
EUVD-2022-5480
Malicious code in bioql PyPI...
EUVD-2022-2758
Malicious code in bioql PyPI...
EUVD-2022-36134
Malicious code in bioql PyPI...
CVE-2018-5301
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433...
Warehouse Management System cross-site scripting vulnerability
Warehouse Management System is a warehouse management system developed by Carlo Montero. A cross-site scripting vulnerability exists in Warehouse Management System version 1.0, which stems from the parameter namacustomer/alamatcustomer/notelpcustomer in the file customer.php and results in...
BIT-MAGENTO-2021-21030 Magento Commerce Stored Cross-site Scripting Could Lead To Arbitrary Javascript Execution
Magento versions 2.4.1 and earlier, 2.4.0 and earlier and 2.3.6 and earlier are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue requires...
SUSE CVE-2020-1771
An attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript). When an agent opens the link, the JavaScript code is executed due to the missing parameter encoding. This issue affects: OTRS Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior...
nopCommerce security vulnerability
nopCommerce is an open source general-purpose e-commerce platform. An Access Control Error vulnerability exists in nopCommerce 4.50.2 and prior versions. The vulnerability stems from the presence of improper access control in the application and can be exploited by an attacker to arbitrarily modify...
CVE-2022-33077
An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint...
GHSA-8GFQ-M4CF-W975 Magento stored cross-site scripting vulnerability in the customer address upload feature
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious...
Magento stored cross-site scripting vulnerability in the customer address upload feature
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious...
GHSA-6988-G89M-27VF Magento stored cross-site scripting (XSS) in the customer address upload feature
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue...
Magento stored cross-site scripting (XSS) in the customer address upload feature
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue...
CVE-2021-28901
Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allows remote attackers to inject arbitrary web script or HTML via the (1) NOMCLI, (2) ADRESSE, (3) ADRESSE2, (4) LOCALITE parameters to /eshop/products/json/aouCustomerAdresse; and the (5) nomlis...
CVE-2021-36026
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious...
CVE-2021-36026
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious...
Cross site scripting
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious...