@pakasa/duuka-airtel-money-pay (>=0.0.12 <=0.0.16), @pakasa/duuka-checkout (>=0.0.1 <=0.0.9) +9 more potentially affected by CVE-2025-12919 via @evershop/evershop (>=1.0.0-rc.5 <=1.2.2)
@evershop/evershop NPM version =1.0.0-rc.5, =0.0.12, =0.0.1, =0.0.5, =0.0.1, =1.0.0, =0.0.2, =0.0.2, =0.0.4, =0.1.2, =1.1.0 Source cves: CVE-2025-12919 Source advisory: OSV:GHSA-C73G-MX2W-CC93...
CVE-2023-46499
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via crafted scripts to the Admin Panel...
EverShop Security Breach
EverShop is an open source NodeJS e-commerce platform. A security vulnerability exists in EverShop versions prior to v.1.0.0-rc.5. A remote attacker can exploit this vulnerability to obtain sensitive information from the admin panel via a specially crafted script...
PT-2023-30059 · Npm · Evershop
Name of the Vulnerable Software and Affected Versions: EverShop NPM versions prior to 1.0.0-rc.5. Description: The issue allows a remote attacker to obtain sensitive information via crafted scripts to the Admin Panel. This is a Cross Site Scripting vulnerability. Recommendations: For versions prio...
PT-2023-24760 · Weave · Weave Gitops Terraform Controller
Name of the Vulnerable Software and Affected Versions: Weave GitOps Terraform Controller versions prior to v0.14.4; Weave GitOps Terraform Controller versions prior to v0.15.0-rc.5. Description: A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an...
JPress Cross-Site Scripting Vulnerability
JPress is a blogging platform developed using the Java language. A cross-site scripting vulnerability exists in JPress version 1.0-rc.5, which can be exploited to inject arbitrary web script or HTML by sending the site name, site title, or site subtitle fields to the...
Cross site scripting
In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as demonstrated by the webname parameter...
Xine-Lib 0.99 Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10890/info It is reported that the xine media library is affected by a remote buffer overflow vulnerability. This issue can allow a remote attacker to gain unauthorized access to a vulnerable computer. xine-lib rc-5 and...
CVE-2005-4329
CVE-2005-4329 affects PHP Arena paFileDB Extreme Edition RC 5 and earlier. The vulnerability is a SQL injection in the file pafiledb.php, allowing remote attackers to execute arbitrary SQL commands via the (1) newsid and (2) id parameters. The initial details show a network attack vector with a...