Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
commerce platform vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2024-21627
PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the `isCleanHTML` method. Some modules using the `isCleanHTML` method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain...
Prestashop Prestashop
5.4
CVSSv3
CVE-2023-42627
Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 up to and including 7.4.3.91, and Liferay DXP 7.3 update 33 and previous versions, and 7.4 before update 92 allow remote malicious users to inject arbitrary web script or HTM...
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
8.8
CVSSv3
CVE-2023-38708
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an malicious user to overwrite or modify sensitive files ...
Pimcore Pimcore
9.8
CVSSv3
CVE-2023-35813
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce up to and including 10.3.
Sitecore Experience Platform
Sitecore Managed Cloud
Sitecore Experience Commerce
Sitecore Experience Manager
1 Github repository
7.5
CVSSv3
CVE-2023-33651
An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows malicious users to bypass authorization rules.
Sitecore Experience Commerce
Sitecore Experience Manager
Sitecore Experience Platform
Sitecore Managed Cloud -
9.8
CVSSv3
CVE-2023-2713
Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass.This issue affects Rental Module: prior to 23.05.15.
Rental Module Project Rental Module
9.8
CVSSv3
CVE-2023-2712
Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server.This issue affects Rental Module: prior ...
Rental Module Project Rental Module
3.7
CVSSv3
CVE-2022-48366
An issue exists in eZ Platform Ibexa Kernel prior to 1.3.19. It allows determining account existence via a timing attack.
Ibexa Commerce
Ibexa Jmspaymentcorebundle
Ibexa Ezplatform-page-builder
Ibexa Ez Platform Kernel
Ibexa Digital Experience Platform
Ibexa Ez Platform
Ibexa Kernel
5.3
CVSSv3
CVE-2023-26052
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in ...
Saleor Saleor
4.3
CVSSv3
CVE-2023-26051
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staf...
Saleor Saleor
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »