CVE-2020-9009

The CVE-2020-9009 issue affects the ShipStation.com plugin for CS-Cart, version 1.1 and earlier. Affected component: the unchecked web endpoint at action=shipnotify, which allows remote attackers to insert arbitrary data into the database. Root cause: access to the endpoint is completely unchecke...

CVE-2020-8889

The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information via action=export because a typo results in a successful comparison of a blank password and NULL...

Information disclosure

The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information via action=export because a typo results in a successful comparison of a blank password and NULL...

CVE-2020-8889

The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information via action=export because a typo results in a successful comparison of a blank password and NULL...

CVE-2020-8889

The CVE-2020-8889 entry refers to ShipStation.com plugin version 1.0 for CS-Cart. The weakness stems from a typo that allows a comparison between a blank password and NULL via the action=export endpoint, enabling remote attackers to obtain sensitive information. Reported impact indicates confiden...

shipstation.com XSS vulnerability

On the 21.09.2017 security researcher reported a XSS vulnerability affecting the shipstation.com website via the Open Bug Bounty coordinated vulnerability disclosure program. Coordinated Disclosure Timeline: Description| Value ---|--- Vulnerability submitted via Open Bug Bounty| 21 September, 201...