28 matches found
CVE-2026-44826
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...
EUVD-2026-30580
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...
CVE-2026-44826 Vvveb: Vvveb CMS — Negative-quantity cart manipulation allows creation of orders with negative grand totals
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...
PT-2026-41353
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...
CVE-2023-45854
A Business Logic vulnerability in Shopkit 1.0 allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function...
CVE-2025-61546
There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.69 that enables remote attacker to create financial discrepancies by purchasing items with a negative quantity. This vulnerability is possible d...
EUVD-2025-31315
Malicious code in bioql PyPI...
CVE-2025-58917
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nick Verwymeren Quantities and Units for WooCommerce quantities-and-units-for-woocommerce allows Stored XSS.This issue affects Quantities and Units for WooCommerce: from n/a through = 1.0.13...
CVE-2025-58917
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nick Verwymeren Quantities and Units for WooCommerce quantities-and-units-for-woocommerce allows Stored XSS.This issue affects Quantities and Units for WooCommerce: from n/a through = 1.0.13...
CVE-2025-58917 WordPress Quantities and Units for WooCommerce plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nick Verwymeren Quantities and Units for WooCommerce quantities-and-units-for-woocommerce allows Stored XSS.This issue affects Quantities and Units for WooCommerce: from n/a through = 1.0.13...
CVE-2025-58917
CVE-2025-58917 affects the WordPress plugin Quantities and Units for WooCommerce up to version 1.0.13. The vulnerability is an improper neutralization of input during web page generation, resulting in Stored Cross-Site Scripting (XSS). Public reports confirm the affected software and versions, an...
CVE-2025-58917 WordPress Quantities and Units for WooCommerce plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nick Verwymeren Quantities and Units for WooCommerce quantities-and-units-for-woocommerce allows Stored XSS.This issue affects Quantities and Units for WooCommerce: from n/a through = 1.0.13...
PT-2025-39532
Name of the Vulnerable Software and Affected Versions Quantities and Units for WooCommerce versions through 1.0.13 Description A flaw exists in Nick Verwymeren Quantities and Units for WooCommerce that allows for Stored Cross-site Scripting XSS. This issue arises from improper neutralization of...
WordPress plugin Quantities and Units for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...
WordPress Quantities and Units for WooCommerce plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Quantities and Units for WooCommerce versions = 1.0.13...
PT-2024-31952 · Sparkshop · Sparkshop
Name of the Vulnerable Software and Affected Versions: Sparkshop version 1.16 Description: A loop hole in the payment logic of Sparkshop allows attackers to arbitrarily modify the number of products. This is a high-severity issue that affects multiple versions of Sparkshop. Users are urged to...
Xingyuantu SparkShop 安全漏洞
Xingyuantu SparkShop is an open source shopping mall from the Chinese company Xingyuantu. A security vulnerability exists in Xingyuantu SparkShop v1.16, which stems from a flaw in the payment logic that allows an attacker to arbitrarily modify the number of products...
CVE-2023-45854
A Business Logic vulnerability in Shopkit 1.0 allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function...
CVE-2023-45854
A Business Logic vulnerability in Shopkit 1.0 allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function...
PT-2024-13293 · Shopkit · Shopkit
Name of the Vulnerable Software and Affected Versions: Shopkit version 1.0 Description: A Business Logic issue allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function. Recommendations: For Shopkit version 1.0, as a tempora...