CVE-2021-42193

nopCommerce 4.40.3 is vulnerable to XSS in the Product Name at /Admin/Product/Edit/id. Each time a user views the product in the shop, the XSS payload fires...

EUVD-2021-29175

nopCommerce 4.40.3 is vulnerable to XSS in the Product Name at /Admin/Product/Edit/id. Each time a user views the product in the shop, the XSS payload fires...

CVE-2024-25217

Online Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /omos/?p=products/viewproduct...

CVE-2022-32355

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/viewproduct&id=...

Magento 2 Community Edition XSS Vulnerability

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticates user can inject arbitrary JavaScript code via product view id specification...

CVE-2020-7705

This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely activate hooks on the...

CVE-2019-8117

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticates user can inject arbitrary JavaScript code via product view id specification...

CVE-2019-8117

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticates user can inject arbitrary JavaScript code via product view id specification...

CVE-2019-8117

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticates user can inject arbitrary JavaScript code via product view id specification...

Basic B2B Script SQL Injection Vulnerability

Basic B2B Script is a B2B e-commerce website system. A SQL injection vulnerability exists in Basic B2B Script. The vulnerability can be exploited by remote attackers to inject SQL commands by sending 'pid' or 'id' parameters to the productview1.php file...

CVE-2017-15985

CVE-2017-15985 is a confirmed SQL injection in the Basic B2B Script, exploitable via the request parameter in product_view1.php (pid or id). The issue originates from unsafely handling these parameters, enabling attackers to inject SQL commands. Public references (Exploit-DB PoC and related CVE r...

vrpspeed.com XSS vulnerability

Vulnerable URL:...

Zarafe CMS 1.0 Cross Site Scripting

Exploit Title : Zarafe CMS 1.0 / Cross Site Scripting Exploit Author : Persian Hack Team Vendor Homepage : http://www.zarrafeh.net/ Category: Webapps Tested on: Win Version: 1.0 Date: 2016/08/27 PoC: GET = /productview.php?productid=XSS GET = /articles.php?articleid=XSS Payload : 7b084"Only For...

Spiraleye CMS SQL Injection

In The Name Of GOD + Exploit Title: spiraleye CMS SQL Injection Vulnerability + Date: 2010-11-14 + Author : Cru3l.b0y + Software Link: http://sites.spiraleye.com/ + Contact : [email protected] + Website : WwW.PenTesters.IR + Greeting: Behzad, Ahmad,...

CVE-2008-7205

Unspecified vulnerability in the product view functionality in VirtueMart 1.0.13a and earlier allows remote attackers to read arbitrary files via vectors related to a template file...