CVE-2023-46495
- EPSS 0.08%
- Veröffentlicht 08.12.2023 20:15:07
- Zuletzt bearbeitet 21.11.2024 08:28:36
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter.
CVE-2023-46496
- EPSS 0.46%
- Veröffentlicht 08.12.2023 20:15:07
- Zuletzt bearbeitet 21.11.2024 08:28:36
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint.
CVE-2023-46497
- EPSS 0.05%
- Veröffentlicht 08.12.2023 20:15:07
- Zuletzt bearbeitet 21.11.2024 08:28:36
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint.
CVE-2023-46498
- EPSS 1.28%
- Veröffentlicht 08.12.2023 20:15:07
- Zuletzt bearbeitet 21.11.2024 08:28:36
An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file.
CVE-2023-46499
- EPSS 0.08%
- Veröffentlicht 08.12.2023 20:15:07
- Zuletzt bearbeitet 21.11.2024 08:28:36
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted scripts to the Admin Panel.