CVE-2024-53476
- EPSS 0.55%
- Published 27.12.2024 19:15:09
- Last modified 28.12.2024 19:15:06
A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can ...
CVE-2024-50944
- EPSS 2.76%
- Published 27.12.2024 19:15:08
- Last modified 28.12.2024 19:15:06
An integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method.
CVE-2024-50945
- EPSS 4.91%
- Published 27.12.2024 19:15:08
- Last modified 18.03.2025 19:15:45
An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product.
CVE-2020-27478
- EPSS 1.41%
- Published 30.04.2024 19:15:22
- Last modified 21.11.2024 05:21:14
Cross Site Scripting vulnerability found in SimplCommerce v.40734964b0811f3cbaf64b6dac261683d256f961 through 3103357200c70b4767986544e01b19dbf11505a7 allows a remote attacker to execute arbitrary code via a crafted script to the search bar feature.
CVE-2020-29587
- EPSS 0.21%
- Published 14.01.2021 16:15:18
- Last modified 21.11.2024 05:24:15
SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because i...