27 matches found
CVE-2026-29175
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any...
CVE-2026-29175 Multiple Stored XSS in Commerce Inventory Page Leading to Session Hijacking
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any...
EUVD-2026-10819
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any...
GHSA-CFPV-RMPF-F624 Craft Commerce has multiple Stored XSS in Commerce Inventory Page, Leading to Session Hijacking
Summary: Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any user, including administrators, views the inventory management...
Craft Commerce has multiple Stored XSS in Commerce Inventory Page, Leading to Session Hijacking
Summary: Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any user, including administrators, views the inventory management...
PT-2026-24624
Summary: Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any user, including administrators, views the inventory management...
PT-2026-24417
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any...
CVE-2025-5135
A vulnerability, which was classified as problematic, has been found in Tmall Demo up to 20250505. Affected by this issue is some unknown functionality of the file /tmall/admin/ of the component Product Details Page. The manipulation of the argument Product Name/Product Title leads to cross site...
CVE-2025-5135
CVE-2025-5135 affects Tmall Demo up to 20250505. The vulnerability is an XSS in the Product Details Page, triggered by manipulating the Product Name/Product Title in the file path /tmall/admin/. The issue concerns some unknown functionality of that admin path and is exploitable remotely; the expl...
Tmall_demo Code Injection Vulnerability
Tmalldemo is a Spring Boot based mini Tmall by the projectteam. Tmalldemo 20250505 and earlier versions contain a code injection vulnerability that stems from improper handling of the Product Name/Product Title parameter in the file /tmall/admin/, which leads to cross-site scripting...
CVE-2022-30003
Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Site Scripting (XSS), allowing attackers to register as a Seller then create new products containing XSS payloads in the 'Product Title' and 'Short Description' fields...
Cross-site Scripting (XSS)
Dolibarr is vulnerable to Cross-site Scripting (XSS). The vulnerability is caused by improper input sanitization of a crafted payload injected into the Title parameter in the Product module, allowing attackers to execute arbitrary web scripts or HTML...
CVE-2022-38947
SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in producttitle parameter, allows attackers to execute arbitrary code...
Flipkart-Clone-PHP Security Vulnerability
Flipkart-Clone-PHP is an application by individual developer Jigar Sable. A security vulnerability exists in Flipkart-Clone-PHP version 1.0, which stems from a SQL injection vulnerability in the producttitle parameter of the entry.php page...
WordPress Fancy Product Designer plugin < 6.1.81 - Admin+ Cross Site Scripting via Product Title vulnerability
Admin+ Cross Site Scripting via Product Title vulnerability discovered by Bob Matyas in WordPress Plugin Fancy Product Designer versions 6.1.81...
Fancy Product Designer < 6.1.81 - Admin+ Cross Site Scripting via Product Title
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC Note: This requires WooCommerce to...