VYPR

Phoenixcart

by CE Phoenix

Source repositories

CVEs (2)

  • CVE-2025-47272MedJun 2, 2025
    risk 0.29cvss 5.5epss 0.00

    The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public…

  • CVE-2025-47289Jun 2, 2025
    risk 0.00cvss epss 0.00

    CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the…