21 matches found
EUVD-2023-60560
Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter endpoint. Attackers can craft malicious URLs containing XSS payloads in the from_option, from_ctrl,...
CVE-2023-54364 Joomla HikaShop 4.7.4 Reflected XSS via Product Filter
Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter endpoint. Attackers can craft malicious URLs containing XSS payloads in the from_option, from_ctrl,...
CVE-2023-54364
Joomla HikaShop 4.7.4 is affected by a reflected XSS vulnerability in the product filter endpoint. The issue allows unauthenticated attackers to inject scripts via GET parameters (from_option, from_ctrl, from_task, from_itemid). Victims visiting a crafted link can have scripts executed, with pote...
CVE-2024-40746
A stored cross-site scripting XSS vulnerability in HikaShop Joomla Component 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the description parameter of any product. The description parameter is not sanitised in the...
CVE-2024-40746 Extension - hikashop.com - Stored cross site scripting vulnerability in Hikashop component for Joomla < 5.1.1
A stored cross-site scripting XSS vulnerability in HikaShop Joomla Component 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the description parameter of any product. The description parameter is not sanitised in the...
CVE-2024-40746
CVE-2024-40746 is a stored XSS affecting the Hikashop Joomla component prior to 5.1.1. The root cause is that the description parameter in a product is not sanitized in the backend, enabling a remote attacker to inject arbitrary JavaScript into a user’s browser. Affected software: Hikashop Joomla...
CVE-2024-40746 Extension - hikashop.com - Stored cross site scripting vulnerability in Hikashop component for Joomla < 5.1.1
A stored cross-site scripting XSS vulnerability in HikaShop Joomla Component 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the description parameter of any product. The description parameter is not sanitised in the...
CVE-2023-38044 Extension - hikashop.com - SQLi in HikaShop component for Joomla <= 4.7.2
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability allows SQL Injection...
Joomla HikaShop 4.7.4 - Reflected XSS
Exploit Title: Joomla HikaShop 4.7.4 - Reflected XSS Exploit Author: CraCkEr Date: 24/07/2023 Vendor: Hikari Software Team Vendor Homepage: https://www.hikashop.com/ Software Link: https://demo.hikashop.com/index.php/en/ Joomla Extension Link:...
Joomla HikaShop 4.7.4 - Reflected XSS Vulnerability
Exploit Title: Joomla HikaShop 4.7.4 - Reflected XSS Exploit Author: CraCkEr Vendor: Hikari Software Team Vendor Homepage: https://www.hikashop.com/ Software Link: https://demo.hikashop.com/index.php/en/ Joomla Extension Link:...
Joomla HikaShop 4.7.4 Cross Site Scripting
Exploit Title: Joomla HikaShop 4.7.4 - Reflected XSS Exploit Author: CraCkEr Date: 24/07/2023 Vendor: Hikari Software Team Vendor Homepage: https://www.hikashop.com/ Software Link: https://demo.hikashop.com/index.php/en/ Joomla Extension Link:...
HikaShop Joomla Plugin, , SQL Injection
anyone with access to the order management in the backend of HikaShop to be able to use a MySQL injection to extract data from the database. "payment methods" restriction setting to custom fields of the "order" table in HikaShop 4.4.1, so prior versions of HikaShop are not impacted...
CVE-2015-7344
HikaShop Joomla Component before 2.6.0 has XSS via an injected payload/caption...
Design/Logic Flaw
HikaShop Joomla Component before 2.6.0 has XSS via an injected payload/caption...
CVE-2015-7344
HikaShop Joomla Component before 2.6.0 has XSS via an injected payload/caption...
CVE-2015-7344
CVE-2015-7344 concerns the HikaShop Joomla Component prior to 2.6.0, where an XSS vulnerability exists via an injected payload in the affected component. The available connected sources confirm the vulnerability is an XSS issue but do not provide specific exploit details, affected versions beyond...
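HikaShop PHP Object Injection Vulnerability
0x01 Vulnerability background: HikaShop is an e-commerce program based on the well-known open-source CMS Joomla! that helps users easily build e-commerce websites or online shops. Object injection usually occurs when user input is passed to the unserialize function and then invoked. Hackers can craft input to send the web server a serialized class instance from the current web application, ensuring that classes defining magic methods are triggered at specific moments and thereby executing the malicious code inside them. 0x02 Vulnerability analysis...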
User Group FTW For Hikashop,1.1.5,Other
User Group FTW For Hikashop, 1.1.5, Other...
Joomla Component com_hikashop LFI
Local file include vulnerability in Joomla Component com_hikashop Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...
HikaShop 2.3.3 Local File Inclusion
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'HikaShop - LFI poc for authenticated users', 'Description' = %q HikaShop 2.3.3 is vulnerable to local file include attack...