4 matches found
Cross-site Scripting
com.liferay.commerce.order.web is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input validation and output encoding due to the Account “Name” text field accepting unneutralized input; an attacker can inject a crafted payload into that field which is stored and...
CVE-2023-0966
A vulnerability classified as problematic was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=orders/vieworder. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotel...
ecshop the goods_attr and goods_attr_id two secondary injection vulnerability detailed analysis-vulnerability warning-the black bar safety net
A: goodsattrid secondary injection ! 2 0 1 3 0 7 3 0 1 5 2 7 4 9 1 Injection use process: 1. Add items to your cart, write the injection code to product attribute id http://localhost/test/ecshop/flow.php?step=addtocart POST: goods="quick":1,"spec":"1 6 3","1 5 8'","goodsid":3...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the 1 address and 2 order information, which are later displayed on the order view page and...