13 matches found
CVE-2024-9943
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4. This is due to missing or incorrect nonce validation on several functions in api/class-mvx-rest-controller.php...
CVE-2022-28449
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS. At Apply for vendor account feature, an attacker can upload an arbitrary file to the system...
PT-2024-39956 · WordPress · Multivendorx
Name of the Vulnerable Software and Affected Versions: MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress versions up to, and including, 4.2.4 Description: The issue is due to missing or incorrect nonce validation on several functions in...
CVE-2022-28449
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS. At Apply for vendor account feature, an attacker can upload an arbitrary file to the system...
CVE-2022-28449
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS. At Apply for vendor account feature, an attacker can upload an arbitrary file to the system...
Cross site scripting
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS. At Apply for vendor account feature, an attacker can upload an arbitrary file to the system...
CVE-2022-28449
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS. At Apply for vendor account feature, an attacker can upload an arbitrary file to the system...
CVE-2022-28449
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS. At Apply for vendor account feature, an attacker can upload an arbitrary file to the system...
nopCommerce 跨站脚本漏洞
nopCommerce is an open source general purpose e-commerce platform. A security vulnerability exists in nopCommerce 4.50.1, which allows an attacker to upload arbitrary files to the system via the Apply for Vendor Account feature...
Default credentials
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data including usernames and passwords...
CVE-2017-7312
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data including usernames and passwords...
CVE-2017-7312
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data including usernames and passwords...
CVE-2017-7312
CVE-2017-7312 affects Personify360 e-Business v7.5.2–v7.6.1. The vulnerability exists when accessing /TabId/275, allowing unauthenticated users to add vendor accounts or read existing vendor data, including usernames and passwords. This is an information disclosure and privilege escalation-like f...