3 matches found
Design/Logic Flaw
An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and 2.0.0 before 2.0.1 for OXID eShop. An attacker can bypass delivery-address change detection if the payment module doesn't use eShop's checkout procedure properly. To do so, the attacker must change the delivery address to one...
CVE-2018-14020
An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and 2.0.0 before 2.0.1 for OXID eShop. An attacker can bypass delivery-address change detection if the payment module doesn't use eShop's checkout procedure properly. To do so, the attacker must change the delivery address to one...
Mutare Software EVM 2.2.9 Cross Site Request Forgery / Cross Site Scripting
Description: Mutare Software EVM 2.2.9 possibly earlier versions is vulnerable to CSRF and XSS. An attacker could do the following to a users' EVM settings: A. Change their EVM PIN B. Delete all of their voice messages C. Change or add any of their delivery address for voicemails CERT Vulnerabili...