PT-2026-45707

Name of the Vulnerable Software and Affected Versions Easy Cart versions prior to 1.9 Description The Easy Cart plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. This occu...

CVE-2024-58304

SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary...

EUVD-2024-55328

SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary...

CVE-2024-58304

SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary...

CVE-2024-58304

CVE-2024-58304 – SPA-CART CMS 1.9.0.3 is affected by a stored cross-site scripting vulnerability in the product description parameter. The issue allows authenticated administrators to inject JavaScript via the descr field in the product edit form, causing arbitrary code execution in the web brows...

CVE-2024-58304 SPA-CART CMS 1.9.0.3 Stored Cross-Site Scripting

SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary...

SPA-CART CMS 跨站脚本漏洞

SPA-CART CMS is a content management system for Oleg Individual Developers. A cross-site scripting vulnerability exists in SPA-CART CMS version 1.9.0.3, which stems from the presence of stored cross-site scripting in the product description parameter that could lead to the execution of arbitrary...

PT-2025-50757

Name of the Vulnerable Software and Affected Versions SPA-CART CMS version 1.9.0.3 Description The software contains a stored cross-site scripting issue in the product description parameter. Authenticated administrators can inject malicious scripts. Attackers can submit JavaScript payloads throug...

CVE-2025-12334

A vulnerability was found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/productadd.php. The manipulation of the argument prodname/proddesc/prodcost results in cross site scripting. It is possible to launch the attack remotely. The exploit has been mad...

GHSA-527Q-4WQV-G9WJ bagisto has Server Side Template Injection (SSTI) in Product Description

Summary Bagisto v2.3.7 is vulnerable to Server-Side Template Injection SSTI due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with product creation privileges to inject arbitrary template expressions tha...

CVE-2025-62416 bagisto - Server Side Template Injection (SSTI) in Product Description

Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection SSTI due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with product creation privilege...

CVE-2025-62416 bagisto - Server Side Template Injection (SSTI) in Product Description

Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection SSTI due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with product creation privilege...

EUVD-2023-30267

Malicious code in bioql PyPI...

EUVD-2023-52278

Malicious code in bioql PyPI...

MINI-XGW6-WCM4-9MMW

Bulletin has no description...

CVE-2024-40746

A stored cross-site scripting XSS vulnerability in HikaShop Joomla Component 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the description parameter of any product. The description parameter is not sanitised in the...

CVE-2023-48198

A Cross-Site Scripting XSS vulnerability in the 'product description' component within '/api/stock/products' of Grocy version = 4.0.3 allows attackers to obtain a victim's cookies...

PT-2024-29025 · Joomla · Hikashop

Name of the Vulnerable Software and Affected Versions: HikaShop Joomla Component versions prior to 5.1.1 Description: A stored cross-site scripting XSS issue allows remote attackers to execute arbitrary JavaScript in a user's web browser. This is achieved by including a malicious payload in the...

PT-2023-30723 · Grocy · Grocy

Name of the Vulnerable Software and Affected Versions: Grocy versions = 4.0.3 Description: A Cross-Site Scripting XSS issue exists in the 'product description' component within the "/api/stock/products" endpoint, allowing attackers to obtain a victim's cookies. This issue can be exploited by a...

CVE-2023-26447

CVE-2023-26447 affects Open-Xchange AppSuite’s portal upsell widget, where a product description sourced from a user-controllable jslob is inserted into the DOM without proper escaping. The underlying issue is DOM-based XSS: unescaped jslob content can execute script in the victim’s browser, pote...