29 matches found
EUVD-2020-27727
Malware in sbrugna...
EUVD-2025-28814
Malicious code in bioql PyPI...
EUVD-2022-3551
Malicious code in bioql PyPI...
CVE-2025-9103
A vulnerability was detected in ZenCart 2.1.0. Affected by this vulnerability is an unknown functionality of the component CKEditor. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The real existenc...
CVE-2025-9103
A vulnerability was detected in ZenCart 2.1.0. Affected by this vulnerability is an unknown functionality of the component CKEditor. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The real existenc...
Cross-site Scripting (XSS)
Overview: zencart/zencart is an Open Source E-commerce Application. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the CKEditor component. An attacker can inject and execute unauthorized scripts by submitting crafted input as an authorized administrator. Note: The...
CVE-2025-9103
CVE-2025-9103 affects ZenCart 2.1.0 with an issue in the CKEditor component described as an unknown functionality that enables cross-site scripting. The vulnerability is reported as remotely exploitable and the exploit has been publicly disclosed; however, the real existence of the vulnerability ...
CVE-2025-9103 ZenCart CKEditor cross site scripting
A vulnerability was detected in ZenCart 2.1.0. Affected by this vulnerability is an unknown functionality of the component CKEditor. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The real existenc...
PT-2025-33632 · Ckeditor +1
Name of the Vulnerable Software and Affected Versions: ZenCart version 2.1.0. Description: A vulnerability exists in ZenCart 2.1.0 related to an unknown functionality of the component CKEditor. Manipulation of this functionality can lead to Cross-Site Scripting (XSS). The attack can be launched...
Cross-site Scripting (XSS)
zencart/zencart is vulnerable to cross-site scripting. An attacker is able to inject and execute malicious scripts via the mainpage parameter to includes/templates/templatedefault/common/tplmainpage.php or includes/templates/responsiveclassic/common/tplmainpage.php...
Zen Cart 1.5.7b - Remote Code Execution (Authenticated) Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This exploit write payload in database and trig to command a bug in an zencart v1.5.7b web application class MetasploitModule 'zencart authenticated remote code executio...
Zen Cart 1.5.7b Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This exploit write payload in database and trig to command a bug in an zencart v1.5.7b web application class MetasploitModule 'zencart authenticated remote code executio...
ZenCart MailBeez plugin cross-site scripting vulnerability
The MailBeez plugin for ZenCart is a post-sale e-mail auto-trigger plugin from the Danish company MailBeez for use in the ZenCart e-commerce system. A cross-site scripting vulnerability exists in the mailhive/cloudbeez/cloudloader.php file and the mailhive/cloudbeez/cloudloader_core.php file in MailBeez versions...
CVE-2020-6579
Cross-site scripting (XSS) vulnerability in mailhive/cloudbeez/cloudloader.php and mailhive/cloudbeez/cloudloader_core.php in the MailBeez plugin for ZenCart before 3.9.22 allows remote attackers to inject arbitrary web script or HTML via the cloudloader_mode parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in mailhive/cloudbeez/cloudloader.php and mailhive/cloudbeez/cloudloader_core.php in the MailBeez plugin for ZenCart before 3.9.22 allows remote attackers to inject arbitrary web script or HTML via the cloudloader_mode parameter...
CVE-2020-6579
CVE-2020-6579 is an XSS vulnerability in the MailBeez ZenCart plugin. The flaw affects the files mailhive/cloudbeez/cloudloader.php and mailhive/cloudbeez/cloudloader_core.php and is exploitable through the cloudloader_mode parameter. Software versions prior to 3.9.22 are affected, allowing a rem...
CVE-2020-6579
Cross-site scripting (XSS) vulnerability in mailhive/cloudbeez/cloudloader.php and mailhive/cloudbeez/cloudloader_core.php in the MailBeez plugin for ZenCart before 3.9.22 allows remote attackers to inject arbitrary web script or HTML via the cloudloader_mode parameter...
Coinbase: User provided values trusted in sensitive actions
In the Coinbase zencart open source library, a researcher observed two issues related to making calls based on user provided values. The reporter observed that these issues could allow a malicious user to perform an open redirect and a CRLF injection in any PHP version =5.4.1. Unfortunately,...
ZenCart Authentication Code Execution Vulnerability
ZenCart is an open source shopping cart system developed by the Zen Cart team. It is mainly used to establish online stores and supports a variety of payment methods, multi-language options, batch updates for online shopping malls, and so on. A security vulnerability exists in the...
Code injection
The traverseStrictSanitize function in admindir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the adminname array parameter to...