Storefront
by Lagarde
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-0557 | 0.03 | — | 0.01 | Aug 18, 2003 | SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field. | |||
| CVE-2024-13686 | 0.00 | — | 0.00 | Mar 4, 2025 | The VW Storefront theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vw_storefront_reset_all_settings() function in all versions up to, and including, 0.9.9. This makes it possible for authenticated attackers, with… | |||
| CVE-2025-26206 | 0.00 | — | 0.01 | Mar 3, 2025 | Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component | |||
| CVE-2024-29036 | 0.00 | — | 0.01 | Mar 20, 2024 | Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by… | |||
| CVE-2022-27503 | 0.00 | — | 0.00 | Apr 13, 2022 | Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9 | |||
| CVE-2008-1341 | 0.00 | — | 0.01 | Mar 17, 2008 | SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFront 6 before SP8 allows remote attackers to execute arbitrary SQL commands via the CategoryId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… |
- CVE-2003-0557Aug 18, 2003risk 0.03cvss —epss 0.01
SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field.
- CVE-2024-13686Mar 4, 2025risk 0.00cvss —epss 0.00
The VW Storefront theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vw_storefront_reset_all_settings() function in all versions up to, and including, 0.9.9. This makes it possible for authenticated attackers, with…
- CVE-2025-26206Mar 3, 2025risk 0.00cvss —epss 0.01
Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component
- CVE-2024-29036Mar 20, 2024risk 0.00cvss —epss 0.01
Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by…
- CVE-2022-27503Apr 13, 2022risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9
- CVE-2008-1341Mar 17, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFront 6 before SP8 allows remote attackers to execute arbitrary SQL commands via the CategoryId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…