Lucene search
K

18 matches found

OSV
OSV
added 2026/02/02 11:4 p.m.4 views

GHSA-H9R9-2PXG-CX9M Craft Commerce has Stored XSS in Shipping Zone (Name & Description) Fields Leading to Potential Privilege Escalation

Summary A stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Zone Name & Description fields in the Store Management section are not properly sanitized before being displayed in the admin panel...

6.1CVSS5.7AI score0.00261EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.6 views

PT-2026-6432

Summary A stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Zone Name & Description fields in the Store Management section are not properly sanitized before being displayed in the admin panel...

6.1CVSS5.6AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.4 views

PT-2026-6311

Name of the Vulnerable Software and Affected Versions Craft Commerce versions 4.0.0-RC1 through 4.10.0 Craft Commerce versions 5.0.0 through 5.5.1 Description Craft Commerce, an ecommerce platform for Craft CMS, contains a stored cross-site scripting XSS issue. The vulnerability resides in the...

6.1CVSS5AI score0.00261EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-0585

Malware in sbrugna...

5.3CVSS5.3AI score0.00896EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-42345

Malicious code in bioql PyPI...

6.6CVSS6.6AI score0.00555EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:22 a.m.5 views

CVE-2024-47309

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Condless Cities Shipping Zones for WooCommerce cities-shipping-zones-for-woocommerce allows PHP Local File Inclusion.This issue affects Cities Shipping Zones for WooCommerce: from n/a through = 1.2.7...

6.6CVSS5.9AI score0.00555EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/05 12:23 p.m.22 views

CVE-2024-47309 WordPress Cities Shipping Zones for WooCommerce plugin <= 1.2.7 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Condless Cities Shipping Zones for WooCommerce cities-shipping-zones-for-woocommerce allows PHP Local File Inclusion.This issue affects Cities Shipping Zones for WooCommerce: from n/a through = 1.2.7...

6.6CVSS0.00555EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/05 12:0 a.m.5 views

WordPress plugin Cities Shipping Zones for WooCommerce 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exis...

6.6CVSS6.8AI score0.00555EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/05 12:0 a.m.7 views

PT-2024-32520 · Woocommerce · Cities Shipping Zones For Woocommerce

Name of the Vulnerable Software and Affected Versions: Cities Shipping Zones for WooCommerce versions 1.2.7 and earlier Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, which allows PHP Local File...

6.6CVSS6.9AI score0.00555EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/09/25 10:22 a.m.4 views

WordPress Cities Shipping Zones for WooCommerce plugin <= 1.2.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by h0j3n Patchstack Alliance in WordPress Plugin Cities Shipping Zones for WooCommerce versions = 1.2.7...

6.6CVSS7AI score0.00555EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2020/08/05 9:25 a.m.2 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation. It allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with a...

7.5CVSS6.9AI score0.00896EPSS
Exploits1References2
OSV
OSV
added 2020/08/04 11:15 p.m.11 views

CVE-2020-15109

In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the...

5.3CVSS5.2AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/08/04 11:15 p.m.1 views

CVE-2020-15109

In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the...

5.3CVSS5.5AI score0.00896EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2020/08/04 11:15 p.m.14 views

Design/Logic Flaw

In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the...

5CVSS5.1AI score0.00896EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/08/04 11:0 p.m.24 views

CVE-2020-15109 Ability to change order address without triggering address validations in solidus

In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the...

5.3CVSS5.1AI score0.00896EPSS
Exploits1References2
OSV
OSV
added 2020/08/04 10:17 p.m.24 views

GHSA-3MVG-RRRW-M7PH Ability to change order address without triggering address validations in solidus

Impact This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zo...

5.3CVSS5AI score0.00896EPSS
Exploits1References7
RubySec
RubySec
added 2020/08/04 12:0 a.m.26 views

Ability to change order address without triggering address validations in solidus

Impact This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zo...

5.3CVSS0.00896EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2020/08/04 12:0 a.m.18 views

Ability to change order address without triggering address validations in solidus

Impact This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zo...

5.3CVSS0.00896EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder