Filtered by vendor Tastyigniter Subscriptions

Search

Switch to Advanced Search (Beta)
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-44313 1 Tastyigniter 1 Tastyigniter 2025-04-02 8.1 High
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks.
CVE-2024-44314 1 Tastyigniter 1 Tastyigniter 2025-04-02 6.5 Medium
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatus() function within Orders.php, which fails to verify if the user has permission to modify an order's status. This flaw can be exploited remotely, leading to unauthorized order manipulation.
CVE-2022-38256 1 Tastyigniter 1 Tastyigniter 2024-11-21 5.4 Medium
TastyIgniter v3.5.0 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2022-23378 1 Tastyigniter 1 Tastyigniter 2024-11-21 5.4 Medium
A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The "items%5B0%5D%5Bpath%5D" parameter of a request made to /admin/allergens/edit/1 is vulnerable.
CVE-2022-0602 1 Tastyigniter 1 Tastyigniter 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0.
CVE-2021-38699 1 Tastyigniter 1 Tastyigniter 2024-11-21 5.4 Medium
TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs.