Vulmon
smartstore smartstore vulnerabilities and exploits
668
VMScore
CVE-2020-15243
Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0...
Smartstore Smartstore 4.0.0
Smartstore Smartstore 4.0.1
668
VMScore
CVE-2021-32607
An issue exists in Smartstore (aka SmartStoreNET) up to and including 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message.
Smartstore Smartstore
668
VMScore
CVE-2021-32608
An issue exists in Smartstore (aka SmartStoreNET) up to and including 4.1.1. Views/Boards/Partials/_ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post.
Smartstore Smartstore
578
VMScore
CVE-2020-27996
An issue exists in SmartStoreNET prior to 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations.
Smartstore Smartstorenet
605
VMScore
CVE-2020-27997
An issue exists in SmartStoreNET prior to 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account).
Smartstore Smartstorenet
516
VMScore
CVE-2020-36365
Smartstore (aka SmartStoreNET) prior to 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect.
Smartstore Smartstorenet
570
VMScore
CVE-2020-36364
An issue exists in Smartstore (aka SmartStoreNET) prior to 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Create method via a TempFileName field.
Smartstore Smartstorenet
NA
CVE-2016-15012
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has been rated as critical. This issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs. The manipulation leads to sql in...
Salesforce Mobile Software Development Kit