3 matches found
GHSA-5VRP-638W-P8M2 Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
Impact This XSS vulnerability is about the system configs design/header/welcome design/header/logosrc design/header/logosrcsmall design/header/logoalt They are intended to enable admins to set a text in the two cases, and to define an image url for the other two cases. But because of previously...
WordPress Shopping Cart & eCommerce Store plugin <= 5.2.4 - Arbitrary Design Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Design Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by WPScanTeam in WordPress Shopping Cart & eCommerce Store plugin versions = 5.2.4. Solution Update the WordPress Shopping Cart & eCommerce Store plugin to the latest available version at least 5.2.5...
Shopping Cart & eCommerce Store < 5.2.5 - Arbitrary Design Settings Update via CSRF
The plugin is lacking CSRF checks in various AJAX actions, such as ecadminajaxsavedesignsettings, which could allow attackers to make a logged in admin update arbitrary settings To disable the Live Design Editor To set the custom CSS setting to body background-color: red;...