Lucene search
K

5 matches found

EUVD
EUVD
added 2026/06/05 8:33 p.m.12 views

EUVD-2026-33408

Shopper: Missing authorization on Product admin Livewire sub-form components...

6.5CVSS5.4AI score0.00221EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-44943

Name of the Vulnerable Software and Affected Versions Shopper versions prior to 2.8.0 Description Sub-form Livewire components within the product editor—specifically those handling Edit, Inventory, Seo, Shipping, and Files—lack authorization on their store method. This allows any authenticated...

6.5CVSS5.6AI score0.00221EPSS
Exploits0References7
NVD
NVD
added 2026/05/15 7:17 p.m.14 views

CVE-2026-45622

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting XSS issue in the public product return form in Vvveb CMS. The customerorderid POST parameter is inserted into the...

5.3CVSS0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 6:42 p.m.33 views

CVE-2026-45622 Vvveb: Unauthenticated reflected XSS in public product return form via customer_order_id

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting XSS issue in the public product return form in Vvveb CMS. The customerorderid POST parameter is inserted into the...

5.3CVSS0.00258EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 6:42 p.m.16 views

CVE-2026-45622

Vvveb CMS (version prior to 1.0.8.3) is affected by an unauthenticated reflected XSS in the public product return form. The issue arises from inserting the customer_order_id into the error message without HTML escaping, allowing attacker-controlled HTML/JavaScript to execute in the submitting use...

5.3CVSS5.6AI score0.00258EPSS
Exploits0References1
Rows per page
Query Builder