Filtered by vendor Evershop Subscriptions
Total 9 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-46499 1 Evershop 1 Evershop 2024-11-26 6.1 Medium
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted scripts to the Admin Panel.
CVE-2023-46943 1 Evershop 1 Evershop 2024-11-21 9.1 Critical
An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application.
CVE-2023-46942 1 Evershop 1 Evershop 2024-11-21 7.5 High
Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints.
CVE-2023-46498 1 Evershop 1 Evershop 2024-11-21 9.8 Critical
An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file.
CVE-2023-46497 1 Evershop 1 Evershop 2024-11-21 5.4 Medium
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint.
CVE-2023-46496 1 Evershop 1 Evershop 2024-11-21 8.3 High
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint.
CVE-2023-46495 1 Evershop 1 Evershop 2024-11-21 6.1 Medium
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter.
CVE-2023-46494 1 Evershop 1 Evershop 2024-11-21 6.1 Medium
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx.
CVE-2023-46493 1 Evershop 1 Evershop 2024-11-21 5.3 Medium
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js.