Lucene search
+L

3007 matches found

cnnvd
cnnvd
added 2026/02/26 12:0 a.m.11 views

Dokuzsoft E-Commerce Product 跨站脚本漏洞

Dokuzsoft E-Commerce Product is an e-commerce system developed by the Turkish company Dokuzsoft. Versions of Dokuzsoft E-Commerce Product from January 1, 2025, and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during web page generation,...

7.6CVSS5.7AI score0.00185EPSS
Exploits0References1
cve
cve
added 2026/02/22 2:12 p.m.13 views

CVE-2019-25460

Affected software : Web Ofisi Platinum E-Ticaret v5. Vulnerability : SQL injection allowing unauthenticated attackers to manipulate queries via the 'q' GET parameter on the arama endpoint, using time-based techniques to extract data. Root cause / method : improper input handling enabling time-bas...

8.8CVSS5.9AI score0.00363EPSS
Exploits1References3Affected Software1
redhatcve
redhatcve
added 2026/02/21 7:30 p.m.8 views

CVE-2025-15583

A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function getsafevalue of the file utility/function.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be...

5.4CVSS3.9AI score0.00239EPSS
Exploits1References1
nvd
nvd
added 2026/02/20 5:25 p.m.10 views

CVE-2025-15582

A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the argument ID results in authorization bypass. Remote exploitation of the attack is possible. The...

8.1CVSS0.00348EPSS
Exploits1References6
nvd
nvd
added 2026/02/20 5:25 p.m.12 views

CVE-2025-15583

A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function getsafevalue of the file utility/function.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be...

5.4CVSS0.00239EPSS
Exploits1References6
vulnrichment
vulnrichment
added 2026/02/20 4:32 p.m.2 views

CVE-2025-15583 detronetdip E-commerce function.php get_safe_value cross site scripting

A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function getsafevalue of the file utility/function.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be...

5.1CVSS3.3AI score0.00239EPSS
Exploits1References6
cvelist
cvelist
added 2026/02/20 4:32 p.m.32 views

CVE-2025-15583 detronetdip E-commerce function.php get_safe_value cross site scripting

A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function getsafevalue of the file utility/function.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be...

5.1CVSS0.00239EPSS
Exploits1References6
vulnrichment
vulnrichment
added 2026/02/20 4:32 p.m.4 views

CVE-2025-15582 detronetdip E-commerce Product Management Update authorization

A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the argument ID results in authorization bypass. Remote exploitation of the attack is possible. The...

5.5CVSS5.1AI score0.00348EPSS
Exploits1References6
cnnvd
cnnvd
added 2026/02/20 12:0 a.m.8 views

E-commerce 安全漏洞

E-commerce is a dynamic e-commerce website developed by Bhabishya Ghimire as an individual developer. Version 1.0.0 of E-commerce has security vulnerabilities; these vulnerabilities stem from improper handling of ID parameters in the Delete/Update functions of the product management module, which...

8.1CVSS6AI score0.00348EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2026/02/20 12:0 a.m.5 views

PT-2026-21248

Name of the Vulnerable Software and Affected Versions detronetdip E-commerce version 1.0.0 Description A security flaw exists in detronetdip E-commerce 1.0.0, specifically within the Delete/Update function of the Product Management Module. Manipulation of the ID argument can lead to authorization...

5.5CVSS5.6AI score0.00348EPSS
Exploits1References9
nvd
nvd
added 2026/02/12 2:16 p.m.5 views

CVE-2025-13004

Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables. This issue affects E-Commerce Package: through 27112025...

6.3CVSS0.00254EPSS
Exploits0References2
osv
osv
added 2026/02/12 2:16 p.m.7 views

CVE-2025-13002

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting XSS.This issue affects E-Commerce Package: through 27112025...

6.1CVSS5.8AI score0.00215EPSS
Exploits0References1
nvd
nvd
added 2026/02/12 2:16 p.m.7 views

CVE-2025-13002

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting XSS. This issue affects E-Commerce Package: through 27112025...

8.2CVSS0.00215EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/02/12 1:12 p.m.7 views

CVE-2025-13004

Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables. This issue affects E-Commerce Package: through 27112025...

6.3CVSS5.8AI score0.00254EPSS
Exploits0References3
cvelist
cvelist
added 2026/02/12 1:12 p.m.30 views

CVE-2025-13004 IDOR in Farktor Software's E-Commerce Package

Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables. This issue affects E-Commerce Package: through 27112025...

6.3CVSS0.00254EPSS
Exploits0References2
cve
cve
added 2026/02/12 1:12 p.m.14 views

CVE-2025-13004

CVE-2025-13004 involves the Farktor Software E-Commerce Package. Affected: E-Commerce Package (through 27112025). Vulnerability: Authorization Bypass Through User-Controlled Key by manipulating user-controlled variables. Root cause: inadequate validation/verification of keys or variables enabling...

6.3CVSS5.8AI score0.00254EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/02/12 12:57 p.m.14 views

CVE-2025-13002

CVE-2025-13002 concerns an XSS in Farktor Software’s E-Commerce Package (E-Commerce Services Inc.). The issue arises from Improper Neutralization of Input During Web Page Generation and affects versions up to 27112025. The CVSS‑3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H with a base score o...

8.2CVSS5.8AI score0.00215EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/02/12 12:57 p.m.31 views

CVE-2025-13002 XSS in Farktor Software's E-Commerce Package

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting XSS. This issue affects E-Commerce Package: through 27112025...

8.2CVSS0.00215EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/02/12 12:57 p.m.6 views

CVE-2025-13002 XSS in Farktor Software's E-Commerce Package

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting XSS. This issue affects E-Commerce Package: through 27112025...

8.2CVSS5.8AI score0.00215EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/02/12 12:50 p.m.4 views

CVE-2025-10969

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection. This issue affects E-Commerce Package: through 27112025...

9.8CVSS5.6AI score0.00345EPSS
Exploits0References3
Rows per page
Query Builder