CVE-2023-46495
- EPSS 0.49%
- Veröffentlicht 08.12.2023 20:15:07
- Zuletzt bearbeitet 21.11.2024 08:28:36
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter.
CVE-2023-46496
- EPSS 1.19%
- Veröffentlicht 08.12.2023 20:15:07
- Zuletzt bearbeitet 21.11.2024 08:28:36
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint.
CVE-2023-46497
- EPSS 0.79%
- Veröffentlicht 08.12.2023 20:15:07
- Zuletzt bearbeitet 21.11.2024 08:28:36
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint.
CVE-2023-46498
- EPSS 1.29%
- Veröffentlicht 08.12.2023 20:15:07
- Zuletzt bearbeitet 21.11.2024 08:28:36
An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file.
CVE-2023-46499
- EPSS 0.49%
- Veröffentlicht 08.12.2023 20:15:07
- Zuletzt bearbeitet 21.11.2024 08:28:36
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted scripts to the Admin Panel.