
7 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-44437

Malicious code in bioql PyPI...

CVSS 5.7 | AI score 6.6 | EPSS 0.00097
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:43 a.m. | 2 views

CVE-2024-4859

Solidus = 4.3.4 is affected by a Stored Cross-Site Scripting vulnerability in the order tracking URL...

CVSS 5.7 | AI score 6.1 | EPSS 0.00097
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:35 p.m. | 4 views

CVE-2021-43805

Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential...

CVSS 7.5 | AI score 7 | EPSS 0.00118
Exploits: 1

CNNVD
added 2021/12/07 12:0 a.m. | 0 views

Solidus Security Vulnerability

Solidus is an open source e-commerce system. Solidus suffers from a security vulnerability that stems from the fact that the software's regular expressions in emails used to validate guest orders can be exponentially backtracked through fragments such as a.a.a, which can be exploited by an attack...

CVSS 7.5 | AI score 7.3 | EPSS 0.00118
Exploits: 1 | References: 3

Veracode
added 2020/08/05 3:9 a.m. | 13 views

Improper Validation

solidus does not perform proper validation. The vulnerability exists as it was possible to change the address of the current order without changing the shipment cost through a crafted request data with parameters...

CVSS 5.3 | AI score 2.6 | EPSS 0.00206
Exploits: 1 | References: 6 | Affected Software: 2

NVD
added 2020/08/04 11:15 p.m. | 6 views

CVE-2020-15109

In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an ability to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the...

CVSS 5.3 | AI score 5.1 | EPSS 0.00206
Exploits: 1 | References: 2

ATTACKERKB
added 2020/08/04 11:15 p.m. | 1 views

CVE-2020-15109

In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an ability to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the...

CVSS 5.3 | AI score 5.5 | EPSS 0.00206
Exploits: 1 | References: 3 | Affected Software: 1