16 matches found
EUVD-2021-13700
Malware in sbrugna...
EUVD-2022-49905
Malicious code in bioql PyPI...
EUVD-2024-41426
Malicious code in bioql PyPI...
CVE-2022-47130
A Cross-Site Request Forgery CSRF in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page...
CVE-2024-45300
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event organizer can apply...
CVE-2024-45300 Bypassing promo code limitations with race conditions
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event organizer can apply...
alf.io 安全漏洞
Alf.io is a free and open source event attendance management system open-sourced by Alf.io. A security vulnerability exists in versions of alf.io prior to 2.0-M5, which stems from a race condition that could allow a user to bypass the quantity limit of a promotional code and use a discount coupon...
Cross site request forgery (csrf)
A Cross-Site Request Forgery CSRF in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page...
CVE-2022-47130
A Cross-Site Request Forgery CSRF in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page...
CVE-2022-47130
A Cross-Site Request Forgery CSRF in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page...
nopCommerce Cross-Site Scripting Vulnerability (CNVD-2021-14161)
nopCommerce is an open source e-commerce shopping cart software. A reflective cross-site scripting vulnerability exists in the Discount Coupon component in nopCommerce 4.30. An attacker can exploit this vulnerability to inject arbitrary web script or HTML via the...
CVE-2021-26916
In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountcode parameter...
CVE-2021-26916
In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountcode parameter...
CVE-2021-26916
CVE-2021-26916 in nopCommerce 4.30 is a reflected cross-site scripting vulnerability in the Discount Coupon component. The flaw allows an attacker to inject arbitrary web script or HTML via the DiscountCode parameter located in Filters/CheckDiscountCouponAttribute.cs. The description across multi...
nopCommerce 跨站脚本漏洞
nopCommerce is an open source e-commerce shopping cart software. A reflective cross-site scripting vulnerability exists in the Discount Coupon component in nopCommerce 4.30. An attacker can exploit this vulnerability to inject arbitrary web script or HTML via the...
Unfixed XSS vulnerability at www.24designs.net
Security researcher s0m3nak3dguy, has submitted on 01/03/2008 a cross-site-scripting XSS vulnerability affecting www.24designs.net, which at the time of submission ranked 5140669 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/03/2008. It is...