173 matches found
CVE-2021-47897
PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the changeparams.php script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentially enabling client-side script execution...
CVE-2021-47892
PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution...
CVE-2021-47897
PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the changeparams.php script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentially enabling client-side script execution...
CVE-2021-47897 PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting
PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the changeparams.php script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentially enabling client-side script execution...
CVE-2021-47897 PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting
PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the changeparams.php script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentially enabling client-side script execution...
CVE-2021-47897
CVE-2021-47897 affects PEEL Shopping 9.3.0. A stored cross-site scripting vulnerability exists in the address parameter of the change_params.php script, allowing injected JavaScript that runs in the user’s browser on interaction with the address box. CVSS metrics show a high/severe impact under d...
CVE-2021-47892
PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution...
CVE-2021-47892
CVE-2021-47892 concerns PEEL Shopping 9.3.0 and a stored cross-site scripting vulnerability in the "Comments / Special Instructions" parameter of the purchase page. The issue allows injection of malicious JavaScript that is executed when the page is refreshed. The available connected sources clea...
CVE-2021-47892 PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting
PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution...
CVE-2021-47892 PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting
PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution...
PEEL Shopping has a security vulnerability
PEEL Shopping is an e-commerce platform owned by the French company PEEL. Version 9.3.0 of PEEL Shopping contains a security vulnerability. This vulnerability stems from improper cleaning of the address parameter in the changeparams.php script, which may lead to storage-based cross-site scripting...
PT-2026-4508
Name of the Vulnerable Software and Affected Versions PEEL Shopping version 9.3.0 Description PEEL Shopping 9.3.0 has a stored cross-site scripting issue in the 'Comments / Special Instructions' parameter of the purchase page. An attacker can inject malicious JavaScript payloads that execute when...
PEEL Shopping Cross-site Scripting Vulnerability
PEEL Shopping is an e-commerce platform operated by the French company PEEL. Version 9.3.0 of PEEL Shopping contains a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the Comments/Special Instructions parameter, which may lead to storage-based cross-site...
PT-2026-4513
Name of the Vulnerable Software and Affected Versions PEEL Shopping version 9.3.0 Description The software contains a stored cross-site scripting issue in the address parameter of the ''change params.php'' script. Attackers can inject malicious JavaScript payloads that execute when users interact...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001455)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001455 advisory. An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001306)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001306 advisory. net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users ...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003208)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003208 advisory. net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users ...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003070)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003070 advisory. net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users ...
CVE-2021-41672
PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the execution logic of the application and retrive information from the database...
CVE-2019-20178
Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php to delete a user...