Lucene search
K

28 matches found

NVD
NVD
added 2026/05/15 7:17 p.m.18 views

CVE-2026-44826

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

7.5CVSS0.00213EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 6:37 p.m.11 views

EUVD-2026-30580

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

7.5CVSS5.8AI score0.00213EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/15 6:37 p.m.10 views

CVE-2026-44826 Vvveb: Vvveb CMS — Negative-quantity cart manipulation allows creation of orders with negative grand totals

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

7.5CVSS5.8AI score0.00213EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.10 views

PT-2026-41353

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

7.5CVSS5.8AI score0.00213EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:34 p.m.10 views

CVE-2023-45854

A Business Logic vulnerability in Shopkit 1.0 allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function...

7.5CVSS6.9AI score0.00337EPSS
Exploits0References1
OSV
OSV
added 2026/01/08 5:15 p.m.4 views

CVE-2025-61546

There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.69 that enables remote attacker to create financial discrepancies by purchasing items with a negative quantity. This vulnerability is possible d...

9.1CVSS5.9AI score0.00488EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31315

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.0019EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/27 8:44 a.m.6 views

CVE-2025-58917

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nick Verwymeren Quantities and Units for WooCommerce quantities-and-units-for-woocommerce allows Stored XSS.This issue affects Quantities and Units for WooCommerce: from n/a through = 1.0.13...

6.5CVSS5.9AI score0.0019EPSS
Exploits0References1
NVD
NVD
added 2025/09/26 9:15 a.m.4 views

CVE-2025-58917

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nick Verwymeren Quantities and Units for WooCommerce quantities-and-units-for-woocommerce allows Stored XSS.This issue affects Quantities and Units for WooCommerce: from n/a through = 1.0.13...

6.5CVSS0.0019EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/26 8:31 a.m.2 views

CVE-2025-58917 WordPress Quantities and Units for WooCommerce plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nick Verwymeren Quantities and Units for WooCommerce quantities-and-units-for-woocommerce allows Stored XSS.This issue affects Quantities and Units for WooCommerce: from n/a through = 1.0.13...

6.5CVSS5.9AI score0.0019EPSS
Exploits0References1
CVE
CVE
added 2025/09/26 8:31 a.m.10 views

CVE-2025-58917

CVE-2025-58917 affects the WordPress plugin Quantities and Units for WooCommerce up to version 1.0.13. The vulnerability is an improper neutralization of input during web page generation, resulting in Stored Cross-Site Scripting (XSS). Public reports confirm the affected software and versions, an...

6.5CVSS5.9AI score0.0019EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/26 8:31 a.m.11 views

CVE-2025-58917 WordPress Quantities and Units for WooCommerce plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nick Verwymeren Quantities and Units for WooCommerce quantities-and-units-for-woocommerce allows Stored XSS.This issue affects Quantities and Units for WooCommerce: from n/a through = 1.0.13...

6.5CVSS0.0019EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/26 12:0 a.m.4 views

PT-2025-39532

Name of the Vulnerable Software and Affected Versions Quantities and Units for WooCommerce versions through 1.0.13 Description A flaw exists in Nick Verwymeren Quantities and Units for WooCommerce that allows for Stored Cross-site Scripting XSS. This issue arises from improper neutralization of...

6.5CVSS5.8AI score0.0019EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/26 12:0 a.m.4 views

WordPress plugin Quantities and Units for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...

6.5CVSS5.6AI score0.0019EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/09/17 4:49 p.m.5 views

WordPress Quantities and Units for WooCommerce plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Quantities and Units for WooCommerce versions = 1.0.13...

6.5CVSS5.9AI score0.0019EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/09 12:0 a.m.5 views

PT-2024-31952 · Sparkshop · Sparkshop

Name of the Vulnerable Software and Affected Versions: Sparkshop version 1.16 Description: A loop hole in the payment logic of Sparkshop allows attackers to arbitrarily modify the number of products. This is a high-severity issue that affects multiple versions of Sparkshop. Users are urged to...

7.5CVSS6.9AI score0.00446EPSS
Exploits1References11
CNNVD
CNNVD
added 2024/10/09 12:0 a.m.6 views

Xingyuantu SparkShop 安全漏洞

Xingyuantu SparkShop is an open source shopping mall from the Chinese company Xingyuantu. A security vulnerability exists in Xingyuantu SparkShop v1.16, which stems from a flaw in the payment logic that allows an attacker to arbitrarily modify the number of products...

7.5CVSS6.6AI score0.00446EPSS
Exploits1References4
NVD
NVD
added 2024/09/16 6:15 p.m.22 views

CVE-2023-45854

A Business Logic vulnerability in Shopkit 1.0 allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function...

7.5CVSS0.00337EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/16 12:0 a.m.13 views

CVE-2023-45854

A Business Logic vulnerability in Shopkit 1.0 allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function...

6.8AI score0.00337EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/16 12:0 a.m.6 views

PT-2024-13293 · Shopkit · Shopkit

Name of the Vulnerable Software and Affected Versions: Shopkit version 1.0 Description: A Business Logic issue allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function. Recommendations: For Shopkit version 1.0, as a tempora...

7.5CVSS6.9AI score0.00337EPSS
Exploits0References11
Rows per page
Query Builder