16 matches found
EUVD-2023-34576
Malicious code in bioql PyPI...
CVE-2023-30148
Multiple Stored Cross Site Scripting XSS vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the bodytext or bodytextrude field in /sourcefiles/BlockhtmlClass.php an...
CVE-2020-16194
An Insecure Direct Object Reference IDOR vulnerability was found in Prestashop Opart devis 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the deliveryaddress and invoiceaddress fields...
CVE-2023-30148
Multiple Stored Cross Site Scripting XSS vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the bodytext or bodytextrude field in /sourcefiles/BlockhtmlClass.php an...
CVE-2023-30148
Multiple Stored Cross Site Scripting XSS vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the bodytext or bodytextrude field in /sourcefiles/BlockhtmlClass.php an...
CVE-2023-30148
Multiple Stored Cross Site Scripting XSS vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the bodytext or bodytextrude field in /sourcefiles/BlockhtmlClass.php an...
Cross site scripting
Multiple Stored Cross Site Scripting XSS vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the bodytext or bodytextrude field in /sourcefiles/BlockhtmlClass.php an...
CVE-2023-30148
Multiple Stored Cross Site Scripting XSS vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the bodytext or bodytextrude field in /sourcefiles/BlockhtmlClass.php an...
CVE-2023-30148
Multiple Stored Cross Site Scripting XSS vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the bodytext or bodytextrude field in /sourcefiles/BlockhtmlClass.php an...
CVE-2023-30148
The CVE-2023-30148 issue affects Opart opartmultihtmlblock
CVE-2023-34577
SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook method...
CVE-2023-34577
SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook method...
PrestaShop SQL Injection Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts and product image zoom. A security vulnerability exists in PrestaShop opartplannedpopup 1.4.11 and earlier versions, which originated fro...
Design/Logic Flaw
An Insecure Direct Object Reference IDOR vulnerability was found in Prestashop Opart devis 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the deliveryaddress and invoiceaddress fields...
CVE-2020-16194
CVE-2020-16194 concerns an Insecure Direct Object Reference (IDOR) in Prestashop Opart devis versions before 4.0.2. Unauthenticated attackers can access any user’s invoice and delivery address by exploiting IDOR on the delivery_address and invoice_address fields. The vulnerability is documented a...
CVE-2020-16194
An Insecure Direct Object Reference IDOR vulnerability was found in Prestashop Opart devis 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the deliveryaddress and invoiceaddress fields...