Vulmon
smartstore smartstorenet vulnerabilities and exploits
6.1
CVSSv3
CVE-2020-36365
Smartstore (aka SmartStoreNET) prior to 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect.
Smartstore Smartstorenet
8.8
CVSSv3
CVE-2020-27996
An issue exists in SmartStoreNET prior to 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations.
Smartstore Smartstorenet
8.8
CVSSv3
CVE-2020-27997
An issue exists in SmartStoreNET prior to 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account).
Smartstore Smartstorenet
9.1
CVSSv3
CVE-2020-36364
An issue exists in Smartstore (aka SmartStoreNET) prior to 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Create method via a TempFileName field.
Smartstore Smartstorenet
9.8
CVSSv3
CVE-2021-32607
An issue exists in Smartstore (aka SmartStoreNET) up to and including 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message.
Smartstore Smartstore
9.8
CVSSv3
CVE-2021-32608
An issue exists in Smartstore (aka SmartStoreNET) up to and including 4.1.1. Views/Boards/Partials/_ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post.
Smartstore Smartstore