2 matches found
Vendure security vulnerabilities
Vendure is an open-source e-commerce framework developed by Vendure. Versions prior to Vendure 3.5.3 contained security vulnerabilities. These vulnerabilities stemmed from a time difference in the NativeAuthenticationStrategy.authenticate method, which could lead to username enumeration attacks...
phpList cross-site scripting vulnerability (CNVD-2020-41816)
phpList is an open source newsletter and email marketing software from phpList UK. A cross-site scripting vulnerability exists in versions of phpList prior to 3.5.3. The vulnerability can be exploited by an attacker to elevate privileges with the help of the file lists/admin/template.php...