Commerce
by Commerceguys
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-37486 | 0.00 | — | 0.00 | Aug 8, 2023 | Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on confidentiality with no impact… | |||
| CVE-2022-38656 | 0.00 | — | 0.01 | Nov 4, 2022 | HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes. | |||
| CVE-2021-27751 | 0.00 | — | 0.00 | May 6, 2022 | HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible. | |||
| CVE-2014-9025 | 0.00 | — | 0.01 | Nov 20, 2014 | The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via… | |||
| CVE-2012-1639 | 0.00 | — | 0.01 | Oct 1, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parameters. |
- CVE-2023-37486Aug 8, 2023risk 0.00cvss —epss 0.00
Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on confidentiality with no impact…
- CVE-2022-38656Nov 4, 2022risk 0.00cvss —epss 0.01
HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes.
- CVE-2021-27751May 6, 2022risk 0.00cvss —epss 0.00
HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible.
- CVE-2014-9025Nov 20, 2014risk 0.00cvss —epss 0.01
The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via…
- CVE-2012-1639Oct 1, 2012risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parameters.