CVE-2026-3460 REST API TO MiniProgram <= 5.1.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter
The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...
CVE-2023-23014
Cross Site Scripting (XSS) vulnerability in InventorySystem thru commit e08fbbe17902146313501ed0b5feba81d58f455c on Apr 23, 2021 via editstorename and editactive inputs in file InventorySystem.php...
CVE-2024-2998
A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Store Update Page. The manipulation of the argument Store Name/Store Address leads to cross site...
PT-2023-18820 · Unknown · Inventorysystem
Name of the Vulnerable Software and Affected Versions: InventorySystem (affected versions not specified). Description: The issue is related to a Cross Site Scripting (XSS) vulnerability. It affects the InventorySystem via the edit store name and edit active inputs in the file InventorySystem.php...
CVE-2022-32036
Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb...
Magento Cross-Site Scripting via store name
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting malicious JavaScript into the name of main website...
PRODSECBUG-2426: Cross-Site Scripting via store name
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
Shopify: CSV Excel Macro Injection Vulnerability in export list of current users - app.shopify.com
Hi, I have found that when a user tries to export the list of current users who installed his apps through https://app.shopify.com/services/partners/apiclients//exportinstalledusers, the fields of the CSV file are not properly escaped, which makes them vulnerable to CSV Excel Macro Injection...
PHP Stock Management System 1.02 - Multiple Persistent Cross Site Scripting Vulnerabilities
No description provided by source. Exploit Title: Multiple Persistent Cross Site Scripting Vulnerabilities in PHP Stock Management System 1.02 Date: 25 Aug 2014 Exploit Author: Ragha Deepthi K R Vendor Homepage: http://www.posnic.com/ Software Link:...