CVE-2025-10778
- EPSS 0.02%
- Veröffentlicht 22.09.2025 02:32:05
- Zuletzt bearbeitet 22.09.2025 21:23:01
A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely...
CVE-2021-32607
- EPSS 1.92%
- Veröffentlicht 12.05.2021 15:15:07
- Zuletzt bearbeitet 21.11.2024 06:07:22
An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message.
CVE-2021-32608
- EPSS 1.92%
- Veröffentlicht 12.05.2021 15:15:07
- Zuletzt bearbeitet 21.11.2024 06:07:22
An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/Boards/Partials/_ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post.
CVE-2020-15243
- EPSS 0.28%
- Veröffentlicht 08.10.2020 23:15:10
- Zuletzt bearbeitet 21.11.2024 05:05:10
Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge...