175 matches found
Sunshine Photo Cart <= 3.2.5 - Reflected Cross-Site Scripting
WP Sunshine Sunshine Photo Cart versions up to 3.2.5 contain a reflected cross-site scripting caused by improper input neutralization during web page generation, letting attackers execute malicious scripts in users' browsers, exploit requires attacker to craft malicious input. id: CVE-2024-43971...
CVE-2026-36767
A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...
Shopizer is vulnerable to Cross-site Scripting
Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer through version 3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...
GHSA-F5W4-7CCJ-5M75 Shopizer has a path traversal issue
A path traversal vulnerability in the /content/images/add endpoint of shopizer through version 3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...
Shopizer has a path traversal issue
A path traversal vulnerability in the /content/images/add endpoint of shopizer through version 3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...
EUVD-2026-26406
Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...
EUVD-2026-26401
A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...
CVE-2026-36766
Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...
CVE-2026-36766
Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...
Shopizer 跨站脚本漏洞
Shopizer is an open-source e-commerce solution developed by the Shopizer team, based on Java. Version 3.2.5 of Shopizer contains a cross-site scripting vulnerability. This vulnerability stems from the XssHttpServletRequestWrapper class, which has multiple authenticated cross-site scripting...
CVE-2026-36767
shopizer 3.2.5 is affected by a path traversal vulnerability in the /content/images/add endpoint that allows an attacker to write arbitrary files to any writable path via a crafted POST request. This is a high-impact issue (CVSS v3.1: 10.0, critical, network access, no authentication, user intera...
CVE-2026-28042
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Astoundify Listify listify allows Reflected XSS.This issue affects Listify: from n/a through = 3.2.5...
WordPress plugin Listify 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-22860 Rack has a Directory Traversal via Rack:Directory
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...
Rack 安全漏洞
Rack is a modular Ruby web server interface developed by the Rack open-source project. Versions of Rack prior to 2.2.22, 3.1.20, and 3.2.5 contained security vulnerabilities. These vulnerabilities stemmed from Rack::Directory’s path checking mechanism, which used string prefix matching, potential...
CVE-2025-59009
Cross-Site Request Forgery CSRF vulnerability in Astoundify Listify listify allows Cross Site Request Forgery.This issue affects Listify: from n/a through = 3.2.5...
CVE-2025-59009 WordPress Listify theme <= 3.2.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Astoundify Listify listify allows Cross Site Request Forgery.This issue affects Listify: from n/a through = 3.2.5...
CVE-2025-59009 WordPress Listify theme <= 3.2.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Astoundify Listify listify allows Cross Site Request Forgery.This issue affects Listify: from n/a through = 3.2.5...
CVE-2025-59009
CVE-2025-59009 is a CSRF vulnerability in the WordPress theme Listify (Astoundify Listify) up to version 3.2.5. The connected sources describe the issue as an insufficient protection against forged requests originating from malicious sites, enabling actions on behalf of authenticated users. The i...
WordPress plugin Listify 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...