Vulmon
evershop evershop 1.0.0 vulnerabilities and exploits
7.5
CVSSv3
CVE-2023-46942
Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8 allows remote malicious users to obtain sensitive information via improper authorization in GraphQL endpoints.
Evershop Evershop 1.0.0
9.1
CVSSv3
CVE-2023-46943
An issue exists in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWT...
Evershop Evershop 1.0.0
5.3
CVSSv3
CVE-2023-46493
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote malicious user to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js.
Evershop Evershop 1.0.0
6.1
CVSSv3
CVE-2023-46494
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote malicious user to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx.
Evershop Evershop 1.0.0
6.1
CVSSv3
CVE-2023-46495
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote malicious user to obtain sensitive information via a crafted request to the sortBy parameter.
Evershop Evershop 1.0.0
8.3
CVSSv3
CVE-2023-46496
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote malicious user to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint.
Evershop Evershop 1.0.0
5.4
CVSSv3
CVE-2023-46497
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote malicious user to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint.
Evershop Evershop 1.0.0
9.8
CVSSv3
CVE-2023-46498
An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote malicious user to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file.
Evershop Evershop 1.0.0
6.1
CVSSv3
CVE-2023-46499
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote malicious user to obtain sensitive information via crafted scripts to the Admin Panel.
Evershop Evershop 1.0.0