23 matches found
CVE-2021-47909
Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...
CVE-2021-47909 Mult-E-Cart Ultimate 2.4 SQL Injection via Vulnerable ID Parameters
Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...
CVE-2021-47909 Mult-E-Cart Ultimate 2.4 SQL Injection via Vulnerable ID Parameters
Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...
CVE-2021-47909
CVE-2021-47909 concerns Mult-E-Cart Ultimate 2.4, with multiple SQL injection flaws in the inventory, customer, vendor, and order modules. The underlying issue is injectable SQL via the vulnerable id parameter, which remote attackers with vendor/admin privileges could exploit to run arbitrary SQL...
CVE-2021-47909
Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...
Mult-E-Cart Ultimate SQL注入漏洞
Mult-E-Cart Ultimate is an e-commerce platform script developed by the Indian company Mult-E-Cart. Version 2.4 of Mult-E-Cart Ultimate contains a SQL injection vulnerability. This vulnerability stems from multiple SQL injection vulnerabilities present in the inventory, customer, supplier, and ord...
PT-2026-5555
Name of the Vulnerable Software and Affected Versions Mult-E-Cart Ultimate version 2.4 Description The software contains multiple SQL injection flaws within the inventory, customer, vendor, and order modules. Attackers with vendor or administrator privileges can exploit the id parameter to execut...
CVE-2021-47769
Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent...
CVE-2021-47769
Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent...
CVE-2021-47769 Isshue Shopping Cart 3.5 - 'Title' Cross Site Scripting (XSS)
Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent...
PT-2026-3045
Name of the Vulnerable Software and Affected Versions Isshue Shopping Cart version 3.5 Description The software contains a persistent cross-site scripting issue in title input fields within the stock, customer, and invoice modules. An attacker with elevated privileges can inject malicious scripts...
Bdtask Isshue Shopping Cart security vulnerability
Bdtask Isshue Shopping Cart is an e-commerce shopping cart software system developed by the Bangladeshi company Bdtask. Version 3.5 of Bdtask Isshue Shopping Cart contains a security vulnerability. This vulnerability stems from persistent cross-site scripting in the title input fields of the...
CVE-2022-31148
Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting XSS vulnerability exists in the customer module. Users are recommend to update to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via th...
CVE-2022-31148
Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting XSS vulnerability exists in the customer module. Users are recommend to update to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via th...
Cross site scripting
Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting XSS vulnerability exists in the customer module. Users are recommend to update to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via th...
CVE-2022-31148 Persistent cross site scripting in customer module in Shopware
Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting XSS vulnerability exists in the customer module. Users are recommend to update to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via th...
Shopware vulnerable to persistent cross site scripting (XSS) in customer module
Impact Persistent XSS in customer module Patches We recommend updating to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via the download overview. For older versions you can use the Security Plugin:...
GHSA-5834-XV5Q-CGFW Shopware vulnerable to persistent cross site scripting (XSS) in customer module
Impact Persistent XSS in customer module Patches We recommend updating to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via the download overview. For older versions you can use the Security Plugin:...
PT-2022-20563 · Shopware · Shopware
Name of the Vulnerable Software and Affected Versions: Shopware versions 5.7.0 through 5.7.13 Description: A persistent cross-site scripting XSS issue exists in the customer module. This allows for malicious scripts to be executed in the context of the user's session. Users are recommended to...
CVE-2021-28567
The CVE-2021-28567 entry concerns Magento Commerce/Open Source with an Improper Authorization flaw in the customers module. Affected versions include Magento 2.4.2 and earlier, 2.4.1-p1 and earlier, and 2.3.6-p1 and earlier. The vulnerability allows a low-privileged user to modify customer data, ...