15 matches found
CVE-2026-45055
CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x – 6.7.1 builds CCSTOREURL directly from the Host request header at bootstrap, with no allowlist. The constant is embedded verbatim into transactional email links, most critically the password-reset link in...
CubeCart Input Validation Error Vulnerability
CubeCart is an open-source e-commerce software developed by CubeCart. In versions 6.6.x to 6.7.1 of CubeCart, there is a vulnerability related to input validation errors. This vulnerability stems from directly constructing the CCSTOREURL constant from the Host request headers and embedding the...
Browser is prompted to install Citrix Workspace lite.
Receiving prompt to install Citrix Workspace lite when accessing store URL. When accessing workspace we see that as Citrix workspace lite. However, the installed app is Citrix Workspace app...
Exploit for Improper Input Validation in Apple Itunes_U
CVE-2021-30862 In 2021, CodeColorist released his writeups on...
WordPress plugin Feedify – Web Push Notifications Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
PT-2024-17267 · WordPress · Feedify – Web Push Notifications
Name of the Vulnerable Software and Affected Versions: The Feedify – Web Push Notifications plugin for WordPress versions up to, and including, 2.4.2 Description: The issue is related to Reflected Cross-Site Scripting via the platform, phone, email, and store url parameters due to insufficient...
When Adding Store URL in Citrix WorkSpace App, It will Popup the Error "Cannot Configure the Store"
When adding the Store URL inside the Citrix WorkSpace App, it will popup the error "cannot configure the store"...
Pre-configure the Store-URL in the “Citrix Workspace App” for MAC
...
CWA 2202 : Published desktop fails to launch when CWA is used
-- Issue with CWA only -- Same endpoint works when same VDA is launched from Store URL -- Issue with 1 end point only -- Never worked on the CWA -- First time set up Details...
What steps are needed to configure new StoreFront servers with an existing Gateway and Store URL
The objective of this article is to provide the recommended steps at a high level in order to configure two new StoreFront servers to work with an existing Gateway virtual server that utilizes an URL created with an old set of StoreFront servers...
Use Email based discovery for Workspace with Citrix Cloud
Before 2023 ======== Email based discovery can be used to add a Store to the Workspace, using the email address instead of the Store URL. We could do this for on-prem Stores, even with Gateway. The steps are provided here...
iOS Public App Store app uploads are not working when using the App Store app URL
With Endpoint Management, when an Administrator attempts to upload an iOS and/or iPadOS public App Store app by entering the URL by using the new app URL on the App Store, the app is not found and the error below is displayed...
Error: “Cannot start apps. Please run reset receiver to resolve a lockdown conflict for ClientHostedAppsShortcuts (error 2320)”
Users access a StoreURL and launch published IE from their Client machines. Then they use published IE and connect to another StoreURL from another farm to access another application. Majority but not all users get errors while launching the application. Error: “Cannot start apps. Please run Rese...
eSellerate SDK 3.6.5 - eSellerateControl365.dll ActiveX Control Buffer Overflow
eSellerate SDK 3.6.5 - eSellerateControl365.dll ActiveX Control Buffer Overflow source: https://www.securityfocus.com/bid/24300/info eSellerate SDK ActiveX control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into a...
eSellerate SDK 3.6.5 - 'eSellerateControl365.dll' ActiveX Control Buffer Overflow
source: https://www.securityfocus.com/bid/24300/info eSellerate SDK ActiveX control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting this issue allows remote...