VYPR

Commerce

by Commerceguys

CVEs (5)

  • CVE-2023-37486Aug 8, 2023
    risk 0.00cvss epss 0.00

    Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on confidentiality with no impact…

  • CVE-2022-38656Nov 4, 2022
    risk 0.00cvss epss 0.01

    HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes.

  • CVE-2021-27751May 6, 2022
    risk 0.00cvss epss 0.00

    HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible.

  • CVE-2014-9025Nov 20, 2014
    risk 0.00cvss epss 0.01

    The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via…

  • CVE-2012-1639Oct 1, 2012
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parameters.