CVE-2025-61417
- EPSS 0.09%
- Published 20.10.2025 00:00:00
- Last modified 12.11.2025 17:32:00
Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in t...
CVE-2024-44313
- EPSS 1.86%
- Published 18.03.2025 00:00:00
- Last modified 02.04.2025 12:30:11
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks.
CVE-2024-44314
- EPSS 0.08%
- Published 18.03.2025 00:00:00
- Last modified 02.04.2025 12:29:56
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatus() function within Orders.php, which fails to ver...
CVE-2022-38256
- EPSS 0.42%
- Published 08.09.2022 18:15:08
- Last modified 21.11.2024 07:16:08
TastyIgniter v3.5.0 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2022-0602
- EPSS 0.21%
- Published 05.04.2022 16:15:13
- Last modified 21.11.2024 06:39:00
Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0.
CVE-2022-23378
- EPSS 1.66%
- Published 09.02.2022 13:15:08
- Last modified 21.11.2024 06:48:28
A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The "items%5B0%5D%5Bpath%5D" parameter of a request made to /admin/allergens/edit/1 is vulnerable.
CVE-2021-38699
- EPSS 8.89%
- Published 15.08.2021 18:15:07
- Last modified 21.11.2024 06:17:55
TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs.