731 matches found
CVE-2025-48353
Cross-Site Request Forgery CSRF vulnerability in dactum Clickbank WordPress Plugin Niche Storefront clickbank-niche-storefronts allows Stored XSS.This issue affects Clickbank WordPress Plugin Niche Storefront: from n/a through = 1.3.5...
CVE-2025-48353
CVE-2025-48353 : A CSRF to Stored XSS vulnerability exists in the dactum Clickbank WordPress Plugin (Niche Storefront). Affected component: Clickbank WordPress Plugin (Niche Storefront) versions up to and including 1.3.5. Root cause: CSRF enables stored XSS in the plugin; exploitation details are...
CVE-2025-48353 WordPress Clickbank WordPress Plugin (Niche Storefront) plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in dactum Clickbank WordPress Plugin Niche Storefront allows Stored XSS. This issue affects Clickbank WordPress Plugin Niche Storefront: from n/a through 1.3.5...
CVE-2025-48353 WordPress Clickbank WordPress Plugin (Niche Storefront) plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in dactum Clickbank WordPress Plugin Niche Storefront clickbank-niche-storefronts allows Stored XSS.This issue affects Clickbank WordPress Plugin Niche Storefront: from n/a through = 1.3.5...
WordPress plugin Clickbank WordPress Plugin (Niche Storefront) 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2025-35022
Name of the Vulnerable Software and Affected Versions: dactum Clickbank WordPress Plugin Niche Storefront versions through 1.3.5 Description: A Cross-Site Request Forgery CSRF vulnerability exists in dactum Clickbank WordPress Plugin Niche Storefront, which also allows Stored Cross-Site Scripting...
WordPress Clickbank WordPress Plugin (Niche Storefront) plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Clickbank WordPress Plugin Niche Storefront versions = 1.3.5...
Malicious code in storefront-kit-react (npm)
The package storefront-kit-react was found to contain malicious code...
Malicious code in vue-storefront-stripe (npm)
The package vue-storefront-stripe was found to contain malicious code...
MAL-2025-34001 Malicious code in storefront-kit-react (npm)
The package storefront-kit-react was found to contain malicious code...
MAL-2025-38674 Malicious code in vue-storefront-stripe (npm)
The package vue-storefront-stripe was found to contain malicious code...
Slow initial page load when connecting to Storefront after upgrading to 2411/2503
After installing StoreFront 2411/2503, connections made to the landing page for a Storefront Store i.e. https://example.com/Citrix/XenAppWeb, users experience a 6 second delay before the logon page fully loads...
Citrix Director Infrastructure Monitoring - Incorrect IIS Certificate Validity status
When admin checks Storefront metrics in Citrix Director under Infrastructure Monitoring, incorrect IIS Certificate Validity status is displayed. All other metrics are displayed correctly. Example: StoreFront Details: Storefront is configured with correct certificate and a certificate chain is...
ADC-13.1-How to support multiple domain SSO to StoreFront with user "distinguishedName" attribute
How to support multiple domain SSO to StoreFront from NetScaler with user "distinguishedName" attribute...
CVE-2025-22385
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested...
CVE-2024-29036
Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users shoul...
CVE-2023-3294
Cross-site Scripting XSS - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7...
CVAD 2402 - Citrix Storefront SSO failed after change the Base URL
After the customer modified the Base URL setting to use a different hostname, single sign-on SSO functionality stopped working for all users across the environment. However, when the Base URL is reverted back to the original hostname of the StoreFront server, single sign-on resumes normal operati...
CVE-2022-27503
Cross-site Scripting XSS vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9...
CVE-2020-8200
Improper authentication in Citrix StoreFront Server 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server...