57 matches found
EUVD-2020-18638
Malware in sbrugna...
CVE-2025-7567
A vulnerability was found in ShopXO up to 6.5.0 and classified as problematic. This issue affects some unknown processing of the file header.html. The manipulation of the argument lang/systemtype leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed t...
Cross-site Scripting (XSS)
Overview: shopxo/shopxo is an e-commerce system. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via multiple pages when handling the lang or systemtype arguments. An attacker can inject and execute arbitrary scripts in the context of a user's browser by supplying...
PT-2025-29414 · Shopxo · Shopxo
Name of the Vulnerable Software and Affected Versions: ShopXO versions up to 6.5.0. Description: A cross-site scripting issue exists due to the manipulation of the lang/system type parameter in the processing of the header.html file. The attack can be initiated remotely. The exploit has been...
Arbitrary File Upload
Overview: shopxo/shopxo is an e-commerce system. Affected versions of this package are vulnerable to Arbitrary File Upload via the params argument to the upload function in Payment.php. Remediation: There is no fixed version for shopxo/shopxo. References: - Vulnerable Code...
CVE-2025-5108
A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unrestricted upload. The attack may be...
CVE-2025-5108 zongzhige ShopXO ZIP File Payment.php Upload unrestricted upload
A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unrestricted upload. The attack may be...
CVE-2020-26008
The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file...
ShopXO Vulnerable to Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS)
ShopXO v6.4.0 has an SSRF/XSS vulnerability in multiple places...
Cross-site Scripting (XSS)
Overview: shopxo/shopxo is an e-commerce system. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through multiple components. An attacker can manipulate the web application and perform unauthorized actions or access sensitive data by sending crafted requests or injecti...
Server-side Request Forgery (SSRF)
Overview: shopxo/shopxo is an e-commerce system. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the Email Settings. An attacker can manipulate the server into making requests to unintended locations by sending crafted inputs to the affected settings...
CVE-2025-28094
ShopXO v6.4.0 is reported to have Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) vulnerabilities across multiple locations. The consolidated sources indicate insufficient input validation/sanitization as the likely root cause, enabling unauthorized requests and script injection...
CVE-2025-28093
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings...
CVE-2025-26325
ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php...
ShopXO Security Vulnerability
ShopXO is an open source, enterprise-grade e-commerce system from ShopXO, Inc. A security vulnerability exists in ShopXO version 6.2, which can be exploited to execute code by changing the POST parameter...
GHSA-C96R-38GV-GRP4 ShopXO Server-Side Request Forgery Vulnerability
A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file extend/base/Uploader.php. The manipulation of the argument source leads to server-side request forgery. The attack can be launched remotely. Th...
ShopXO Server-Side Request Forgery Vulnerability
A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file extend/base/Uploader.php. The manipulation of the argument source leads to server-side request forgery. The attack can be launched remotely. Th...
CVE-2024-6524
A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file extend/base/Uploader.php. The manipulation of the argument source leads to server-side request forgery. The attack can be launched remotely. Th...