Lucene search
K

7 matches found

Snyk
Snyk
added 2020/08/05 9:25 a.m.2 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation. It allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with a...

7.5CVSS6.9AI score0.00896EPSS
Exploits1References2
Snyk
Snyk
added 2020/08/05 9:25 a.m.1 views

Improper Input Validation

Overview solidusfrontend is a cart and storefront for the Solidus e-commerce project. Affected versions of this package are vulnerable to Improper Input Validation. It allows a malicious customer to craft request data with parameters that allow changing the address of the current order without...

7.5CVSS6.9AI score0.00896EPSS
Exploits1References2
Prion
Prion
added 2020/08/04 11:15 p.m.14 views

Design/Logic Flaw

In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the...

5CVSS5.1AI score0.00896EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/08/04 11:0 p.m.24 views

CVE-2020-15109 Ability to change order address without triggering address validations in solidus

In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the...

5.3CVSS5.1AI score0.00896EPSS
Exploits1References2
OSV
OSV
added 2020/08/04 10:17 p.m.24 views

GHSA-3MVG-RRRW-M7PH Ability to change order address without triggering address validations in solidus

Impact This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zo...

5.3CVSS5AI score0.00896EPSS
Exploits1References7
RubySec
RubySec
added 2020/08/04 12:0 a.m.26 views

Ability to change order address without triggering address validations in solidus

Impact This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zo...

5.3CVSS0.00896EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2020/08/04 12:0 a.m.18 views

Ability to change order address without triggering address validations in solidus

Impact This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zo...

5.3CVSS0.00896EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder