CVE-2026-44376 CubeCart: Reflected XSS in Store Search Bar
CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the CubeCart v6.x search feature. Due to a logic flaw in classes/catalogue.class.php, user input is reflected without sanitization only when a search returns exactly one product...
CVE-2026-44376
CubeCart (v6.x) prior to 6.7.0 contains an unauthenticated Reflected XSS in the search feature. Root cause is a logic flaw in classes/catalogue.class.php that reflects unsanitized user input when a search returns exactly one product, bypassing existing filters. Consequences include the execution ...
CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`
Impact: A vulnerability in `datastore_search_sql` allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information. Patches: The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5. Workarounds: Disable the DataStore SQL search...
Malicious code in apple-store_search (RubyGems)
CVE-2024-2269
A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The...
Prestashop OS Command Injection Vulnerability
PrestaShop is a full-featured, cross-platform, free and open source e-commerce solution designed for web 2.0. A CSV injection vulnerability exists in PrestaShop versions prior to 1.7.2. An attacker can exploit this vulnerability by using the store search keyword in the admin panel to conduct a CS...
Malicious Package
Overview: apple-store_search is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run malicious 3rd party scripts. It replaced genuine packages using an `_` and replaced it with `-` and vice versa. Remediation: Avoid using...
prada.com XSS vulnerability
Vulnerable URL: http://www.prada.com/en/NL/store-search.html?back=/en/NL/e-store.html&q1;=%22;promptOPENBUGBOUNTY;//
Details:
Description| Value
---|---
Patched:| No
Latest check for patch:| 09.08.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 24445
VIP websit...
familybariatric.com XSS vulnerability
Vulnerable URL: https://www.familybariatric.com/store/search.asp
Details:
Description| Value
---|---
Patched:| No
Latest check for patch:| 31.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 4706508
VIP website status:| No
Coordinated Disclosure Timeline:...
webstore.com XSS vulnerability
Vulnerable URL: http://www.webstore.com/stores.php?option=storesearchname=asd...
ewww.koreapop.com XSS vulnerability
Vulnerable URL: http://ewww.koreapop.com/browse/search.php?mode=store=--%3E%3C/script%3E%3C/title%3E%22%3E%3Csvg/onload=alert/XSSPOSED/%3E
Details:
Description| Value
---|---
Patched:| No
Latest check for patch:| 28.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa...