VYPR

Commerce

by Craftcms

Source repositories

CVEs (23)

  • CVE-2026-25482Feb 3, 2026
    risk 0.00cvss epss 0.00

    Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored DOM XSS vulnerability exists in the "Recent Orders" dashboard widget. The Order Status Name is rendered via JavaScript string concatenation without…

  • CVE-2021-40502Nov 10, 2021
    risk 0.00cvss epss 0.01

    SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from b2b units they do not belong to.

  • CVE-2005-2221Jul 12, 2005
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in Dragonfly Commerce allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview.asp, (2) dc_productslist_Clearance.asp, (3) PID parameter to ratings.asp, (4)…

Page 2 of 2