20 matches found
CVE-2023-45957
A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e->getMessage() error mishandling...
CVE-2023-45958
Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backup_pagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload...
EUVD-2023-50221
Malicious code in bioql PyPI...
CVE-2023-52264
The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled...
Cross site scripting
The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled...
CVE-2023-52264
The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled...
CVE-2023-52264
CVE-2023-52264 affects the Bees Blog component (beesblog) prior to version 1.6.2 used with thirty bees. The vulnerability is a Reflected XSS caused by mishandling of the sharing_url in controllers/front/post.php. Impact is reflected XSS; base CVSS 3.1 score 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:...
CVE-2023-45957
A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e->getMessage() error mishandling...
CVE-2023-45957
A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e->getMessage() error mishandling...
CVE-2023-45957
The vulnerability CVE-2023-45957 affects thirty bees prior to 1.5.0, in the admin/AdminRequestSqlController.php component. It is a stored XSS caused by error mishandling of $e->getMessage(), allowing an attacker to run arbitrary web script/HTML. The Red Hat/NVD/OSV and related entries corrobor...
thirty bees Cross-Site Scripting Vulnerability
thirty bees is a mature e-commerce solution by thirty bees open source. A cross-site scripting vulnerability exists in versions prior to thirty bees 1.5.0 that stems from a security issue in the component admin/AdminRequestSqlController.php that allows an attacker to execute arbitrary web script ...
CVE-2023-45958
Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backup_pagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload...
CVE-2023-45958
Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backup_pagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload...
CVE-2023-45958
Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backup_pagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload...
Thirty Bees Core Cross-Site Scripting Vulnerability
Thirty Bees Core is an open source e-commerce application with cutting edge features from Thirty Bees. A security vulnerability exists in Thirty Bees Core v1.4.0. An attacker could exploit this vulnerability to execute arbitrary JavaScript in a user's web browser via a specially crafted payload...
CVE-2023-45958
Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backup_pagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload...
CVE-2023-45958
CVE-2023-45958 affects Thirty Bees Core v1.4.0 with a reflected XSS via the backup_pagination parameter to /controller/AdminController.php, allowing arbitrary JavaScript execution in a user’s browser. Concrete details from multiple sources confirm the affected product/version and the vector; the ...
PT-2023-29775 · Unknown · Thirty Bees Core
Name of the Vulnerable Software and Affected Versions: Thirty Bees Core version 1.4.0
Description: The issue is a reflected cross-site scripting (XSS) vulnerability. It allows attackers to execute arbitrary JavaScript in a user's web browser via a crafted payload. The vulnerability is exploited...
CVE-2023-45958
Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backup_pagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload...
Cross-site Scripting (XSS) - Generic in thirtybees/thirtybees
Description: Thirty bees is a mature e-commerce solution which once started as a fork of PrestaShop 1.6.1.11 and is still compatible with almost all PS 1.6 modules. Its focus is on stability, correctness and reliability of the rich feature set, to allow merchants to focus on growing their business...