13 matches found
EUVD-2024-50229
Malicious code in bioql PyPI...
EUVD-2025-25201
Malicious code in bioql PyPI...
Fortra FileCatalyst 5.1.6 < 5.2.0 build 130 Unrestricted File Upload (fi-2025-010)
The version of Fortra FileCatalyst Workflow running on the remote host is 5.1.6 prior to 5.2.0 build 130. It is, therefore, affected by an unrestricted file upload vulnerability as referenced in the fi-2025-010 advisory. - Improper Access Control issue in the Workflow component of Fortra's...
CVE-2025-8450
Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...
CVE-2025-8450
Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...
CVE-2025-8450 Unrestricted File Upload in FileCatalyst
Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...
CVE-2025-8450 Unrestricted File Upload in FileCatalyst
Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...
CVE-2025-8450
The CVE-2025-8450 entry concerns Fortra FileCatalyst Workflow. The vulnerability arises from an Improper Access Control issue in the Workflow component that allows unauthenticated users to upload arbitrary files via the order forms page. Documents consistently identify this as an unrestricted fil...
PT-2025-33838 · Fortra · Fortra Filecatalyst
Name of the Vulnerable Software and Affected Versions: Fortra FileCatalyst versions (affected versions not specified). Description: An improper access control issue exists in the Workflow component of Fortra FileCatalyst. This allows unauthenticated users to upload arbitrary files via the order form...
CVE-2024-9944
The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will...
CVE-2024-9944
CVE-2024-9944 – WooCommerce for WordPress: HTML Injection in all versions up to 9.0.2 caused by insufficient HTML neutralization in submitted order forms. Exploitation could render injected HTML when an admin views orders. The issue is publicly detailed across multiple sources (Wordfence, NVD, P...
PT-2024-39957 · WordPress · Woocommerce
Name of the Vulnerable Software and Affected Versions: WooCommerce plugin for WordPress versions up to, and including, 9.0.2. Description: The issue arises from the plugin not properly neutralizing HTML elements from submitted order forms, making it possible for unauthenticated attackers to inject...
Vulnerability - cpCommerce - XSS
cpCommerce is a FOSS PHP-based e-commerce shopping cart web application. Exploit: JavaScript placed inside a user's "Full Name:" field will not be stripped - it will be added to the database 'as-is' as long as it has no quotation marks in the string. When the admin goes to the clients view page, the...