2 matches found
PT-2026-24417
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any...
Govee Home 安全漏洞
Govee Home is an application from Govee, Inc. A security vulnerability exists in Govee Home that stems from an Authorization Error vulnerability in the HTTP POST method in the application, which allows remote attackers to take control of devices owned by other users by changing the values of the...