Filtered by vendor Evershop
Subscriptions
Filtered by product Evershop
Subscriptions
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12919 | 1 Evershop | 1 Evershop | 2025-11-10 | 3.7 Low |
| A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-46942 | 1 Evershop | 1 Evershop | 2025-06-03 | 7.5 High |
| Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints. | ||||
| CVE-2023-46494 | 1 Evershop | 1 Evershop | 2025-05-27 | 6.1 Medium |
| Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx. | ||||
| CVE-2023-46499 | 1 Evershop | 1 Evershop | 2024-11-26 | 6.1 Medium |
| Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted scripts to the Admin Panel. | ||||
| CVE-2023-46943 | 1 Evershop | 1 Evershop | 2024-11-21 | 9.1 Critical |
| An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application. | ||||
| CVE-2023-46498 | 1 Evershop | 1 Evershop | 2024-11-21 | 9.8 Critical |
| An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file. | ||||
| CVE-2023-46497 | 1 Evershop | 1 Evershop | 2024-11-21 | 5.4 Medium |
| Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint. | ||||
| CVE-2023-46496 | 1 Evershop | 1 Evershop | 2024-11-21 | 8.3 High |
| Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint. | ||||
| CVE-2023-46495 | 1 Evershop | 1 Evershop | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter. | ||||
| CVE-2023-46493 | 1 Evershop | 1 Evershop | 2024-11-21 | 5.3 Medium |
| Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js. | ||||
Page 1 of 1.