VYPR

Simplcommerce

by Simplcommerce

Source repositories

CVEs (7)

  • CVE-2024-50944CriDec 27, 2024
    risk 0.64cvss 9.8epss 0.01

    Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method.

  • CVE-2024-50945HigDec 27, 2024
    risk 0.49cvss 7.5epss 0.01

    An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product.

  • CVE-2020-27478HigApr 30, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross Site Scripting vulnerability found in Simplcommerce v.40734964b0811f3cbaf64b6dac261683d256f961 thru 3103357200c70b4767986544e01b19dbf11505a7 allows a remote attacker to execute arbitrary code via a crafted script to the search bar feature.

  • CVE-2024-53476MedDec 27, 2024
    risk 0.38cvss 5.9epss 0.01

    A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead to overselling when…

  • CVE-2020-29587MedJan 14, 2021
    risk 0.35cvss 5.4epss 0.01

    SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html()…

  • CVE-2026-9591Jun 17, 2026
    risk 0.00cvss epss 0.00

    Cross-site request forgery (CSRF) in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or modify news items as an administrator via a crafted form submitted to `/api/news-items`, due to missing anti-CSRF…

  • CVE-2026-11975Jun 17, 2026
    risk 0.00cvss epss 0.00

    Stored cross-site scripting (XSS) in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered…