Filtered by vendor Smartstore
Subscriptions
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10778 | 1 Smartstore | 1 Smartstore | 2025-09-22 | 3.1 Low |
| A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2021-32608 | 1 Smartstore | 1 Smartstore | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/Boards/Partials/_ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post. | ||||
| CVE-2021-32607 | 1 Smartstore | 1 Smartstore | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message. | ||||
| CVE-2020-36365 | 1 Smartstore | 1 Smartstorenet | 2024-11-21 | 6.1 Medium |
| Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect. | ||||
| CVE-2020-36364 | 1 Smartstore | 1 Smartstorenet | 2024-11-21 | 9.1 Critical |
| An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Create method via a TempFileName field. | ||||
| CVE-2020-27997 | 1 Smartstore | 1 Smartstorenet | 2024-11-21 | 8.8 High |
| An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account). | ||||
| CVE-2020-27996 | 1 Smartstore | 1 Smartstorenet | 2024-11-21 | 8.8 High |
| An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations. | ||||
| CVE-2020-15243 | 1 Smartstore | 1 Smartstore | 2024-11-21 | 9.1 Critical |
| Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the file SmartStore.Web.Framework in the */bin* directory of the deployed shop with this file. As a workaround without updating uninstall the Web API plugin to close this vulnerability. | ||||
Page 1 of 1.