3007 matches found
Dokuzsoft E-Commerce Product 跨站脚本漏洞
Dokuzsoft E-Commerce Product is an e-commerce system developed by the Turkish company Dokuzsoft. Versions of Dokuzsoft E-Commerce Product from January 1, 2025, and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during web page generation,...
CVE-2019-25460
Affected software : Web Ofisi Platinum E-Ticaret v5. Vulnerability : SQL injection allowing unauthenticated attackers to manipulate queries via the 'q' GET parameter on the arama endpoint, using time-based techniques to extract data. Root cause / method : improper input handling enabling time-bas...
CVE-2025-15583
A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function getsafevalue of the file utility/function.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be...
CVE-2025-15582
A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the argument ID results in authorization bypass. Remote exploitation of the attack is possible. The...
CVE-2025-15583
A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function getsafevalue of the file utility/function.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be...
CVE-2025-15583 detronetdip E-commerce function.php get_safe_value cross site scripting
A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function getsafevalue of the file utility/function.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be...
CVE-2025-15583 detronetdip E-commerce function.php get_safe_value cross site scripting
A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function getsafevalue of the file utility/function.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be...
CVE-2025-15582 detronetdip E-commerce Product Management Update authorization
A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the argument ID results in authorization bypass. Remote exploitation of the attack is possible. The...
E-commerce 安全漏洞
E-commerce is a dynamic e-commerce website developed by Bhabishya Ghimire as an individual developer. Version 1.0.0 of E-commerce has security vulnerabilities; these vulnerabilities stem from improper handling of ID parameters in the Delete/Update functions of the product management module, which...
PT-2026-21248
Name of the Vulnerable Software and Affected Versions detronetdip E-commerce version 1.0.0 Description A security flaw exists in detronetdip E-commerce 1.0.0, specifically within the Delete/Update function of the Product Management Module. Manipulation of the ID argument can lead to authorization...
CVE-2025-13004
Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables. This issue affects E-Commerce Package: through 27112025...
CVE-2025-13002
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting XSS.This issue affects E-Commerce Package: through 27112025...
CVE-2025-13002
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting XSS. This issue affects E-Commerce Package: through 27112025...
CVE-2025-13004
Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables. This issue affects E-Commerce Package: through 27112025...
CVE-2025-13004 IDOR in Farktor Software's E-Commerce Package
Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables. This issue affects E-Commerce Package: through 27112025...
CVE-2025-13004
CVE-2025-13004 involves the Farktor Software E-Commerce Package. Affected: E-Commerce Package (through 27112025). Vulnerability: Authorization Bypass Through User-Controlled Key by manipulating user-controlled variables. Root cause: inadequate validation/verification of keys or variables enabling...
CVE-2025-13002
CVE-2025-13002 concerns an XSS in Farktor Software’s E-Commerce Package (E-Commerce Services Inc.). The issue arises from Improper Neutralization of Input During Web Page Generation and affects versions up to 27112025. The CVSS‑3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H with a base score o...
CVE-2025-13002 XSS in Farktor Software's E-Commerce Package
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting XSS. This issue affects E-Commerce Package: through 27112025...
CVE-2025-13002 XSS in Farktor Software's E-Commerce Package
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting XSS. This issue affects E-Commerce Package: through 27112025...
CVE-2025-10969
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection. This issue affects E-Commerce Package: through 27112025...