Lucene search
K

13 matches found

redhatcve
redhatcve
added 2025/05/23 8:14 a.m.6 views

CVE-2024-9943

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4. This is due to missing or incorrect nonce validation on several functions in api/class-mvx-rest-controller.php...

6.3CVSS5.5AI score0.00192EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 10:41 p.m.12 views

CVE-2022-28449

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS. At Apply for vendor account feature, an attacker can upload an arbitrary file to the system...

6.1CVSS6.7AI score0.00685EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2024/10/24 12:0 a.m.7 views

PT-2024-39956 · WordPress · Multivendorx

Name of the Vulnerable Software and Affected Versions: MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress versions up to, and including, 4.2.4 Description: The issue is due to missing or incorrect nonce validation on several functions in...

6.3CVSS6.9AI score0.00192EPSS
Exploits0References9
attackerkb
attackerkb
added 2022/04/26 9:15 p.m.4 views

CVE-2022-28449

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS. At Apply for vendor account feature, an attacker can upload an arbitrary file to the system...

6.1CVSS6AI score0.00685EPSS
Exploits1References2
nvd
nvd
added 2022/04/26 9:15 p.m.11 views

CVE-2022-28449

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS. At Apply for vendor account feature, an attacker can upload an arbitrary file to the system...

6.1CVSS0.00685EPSS
Exploits1References1
prion
prion
added 2022/04/26 9:15 p.m.9 views

Cross site scripting

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS. At Apply for vendor account feature, an attacker can upload an arbitrary file to the system...

4.3CVSS6.2AI score0.00685EPSS
Exploits1References1Affected Software1
osv
osv
added 2022/04/26 8:2 p.m.16 views

CVE-2022-28449

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS. At Apply for vendor account feature, an attacker can upload an arbitrary file to the system...

6.1CVSS6.6AI score0.00685EPSS
Exploits1References3
cvelist
cvelist
added 2022/04/26 8:2 p.m.16 views

CVE-2022-28449

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS. At Apply for vendor account feature, an attacker can upload an arbitrary file to the system...

6.4AI score0.00685EPSS
Exploits1References1
cnnvd
cnnvd
added 2022/04/26 12:0 a.m.3 views

nopCommerce 跨站脚本漏洞

nopCommerce is an open source general purpose e-commerce platform. A security vulnerability exists in nopCommerce 4.50.1, which allows an attacker to upload arbitrary files to the system via the Apply for Vendor Account feature...

6.1CVSS6.4AI score0.00685EPSS
Exploits1References3
prion
prion
added 2017/06/07 1:29 p.m.18 views

Default credentials

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data including usernames and passwords...

7.5CVSS9.2AI score0.02975EPSS
Exploits2References1Affected Software1
nvd
nvd
added 2017/06/07 1:29 p.m.16 views

CVE-2017-7312

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data including usernames and passwords...

9.8CVSS9.3AI score0.02975EPSS
Exploits2References1
cvelist
cvelist
added 2017/06/07 1:0 p.m.20 views

CVE-2017-7312

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data including usernames and passwords...

9.4AI score0.02975EPSS
Exploits2References1
cve
cve
added 2017/06/07 1:0 p.m.54 views

CVE-2017-7312

CVE-2017-7312 affects Personify360 e-Business v7.5.2–v7.6.1. The vulnerability exists when accessing /TabId/275, allowing unauthenticated users to add vendor accounts or read existing vendor data, including usernames and passwords. This is an information disclosure and privilege escalation-like f...

9.8CVSS9.2AI score0.02975EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder