Filtered by vendor Evershop
Subscriptions
Total
9 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-46499 | 1 Evershop | 1 Evershop | 2024-11-26 | 6.1 Medium |
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted scripts to the Admin Panel. | ||||
CVE-2023-46943 | 1 Evershop | 1 Evershop | 2024-11-21 | 9.1 Critical |
An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application. | ||||
CVE-2023-46942 | 1 Evershop | 1 Evershop | 2024-11-21 | 7.5 High |
Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints. | ||||
CVE-2023-46498 | 1 Evershop | 1 Evershop | 2024-11-21 | 9.8 Critical |
An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file. | ||||
CVE-2023-46497 | 1 Evershop | 1 Evershop | 2024-11-21 | 5.4 Medium |
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint. | ||||
CVE-2023-46496 | 1 Evershop | 1 Evershop | 2024-11-21 | 8.3 High |
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint. | ||||
CVE-2023-46495 | 1 Evershop | 1 Evershop | 2024-11-21 | 6.1 Medium |
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter. | ||||
CVE-2023-46494 | 1 Evershop | 1 Evershop | 2024-11-21 | 6.1 Medium |
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx. | ||||
CVE-2023-46493 | 1 Evershop | 1 Evershop | 2024-11-21 | 5.3 Medium |
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js. |
Page 1 of 1.