8 matches found
CVE-2026-44212 PrestaShop: Stored XSS executable in customer service view
PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting XSS vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The...
PrestaShop 跨站脚本漏洞
PrestaShop is an open-source e-commerce solution developed by the PrestaShop company in the United States. This solution offers various payment methods, SMS notifications, and features like image scaling for products. Versions of PrestaShop prior to 8.2.6 and 9.1.1 contained a cross-site scriptin...
Cross-site Scripting (XSS)
Overview prestashop/prestashop is an Open Source e-commerce platform, committed to providing the best shopping cart experience for both merchants and customers. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Customer Service view process. An attacker can...
CVE-2026-41576
Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible no authentication required. User-supplied message text is passed through PHP's nl2br function, which converts newlines to tags but does not escape HTML. The resulting string is then passed to a Blade...
PT-2026-39140
Name of the Vulnerable Software and Affected Versions Brave CMS versions prior to commit 6c56603 Description The contact form is publicly accessible without authentication. User-supplied message text is processed by the nl2br function, which converts newlines to tags but fails to escape HTML. Thi...
Mandatory IoT Security in the Offing with U.K. Proposal
The U.K. government has unveiled a proposed law aimed at securing internet of things IoT devices, which have historically been riddled with basic security issues. The drafted law, announced on Monday, comprises three main mandates for IoT manufacturers. First, all consumer IoT device passwords mu...
The Offensive Web Application Penetration Testing Framework: TIDoS
TIDoS Framework is a comprehensive web-app audit framework. TIDoS is made to be comprehensive and versatile. It is a highly flexible framework where you just have to select and use modules. But before that, you need to set your own API KEYS for various OSINT purposes. To do so, open up APIKEYS.py...
Joomla! Component Highslide 1.5 - Local File Inclusion
Joomla! Component Highslide 1.5 - Local File Inclusion =============================================================================================================== o Joomla Component Highslide JS Local File Inclusion Vulnerability Software : comhsconfig version 1.5 Vendor :...