Filtered by vendor Smartstore
Total 8 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-10778 1 Smartstore 1 Smartstore 2025-09-23 3.1 Low
A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to a race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2021-32608 1 Smartstore 1 Smartstore 2024-11-21 9.8 Critical
An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/Boards/Partials/_ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post.
CVE-2021-32607 1 Smartstore 1 Smartstore 2024-11-21 9.8 Critical
An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message.
CVE-2020-36365 1 Smartstore 1 Smartstorenet 2024-11-21 6.1 Medium
Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect.
CVE-2020-36364 1 Smartstore 1 Smartstorenet 2024-11-21 9.1 Critical
An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Create method via a TempFileName field.
CVE-2020-27997 1 Smartstore 1 Smartstorenet 2024-11-21 8.8 High
An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account).
CVE-2020-27996 1 Smartstore 1 Smartstorenet 2024-11-21 8.8 High
An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations.
CVE-2020-15243 1 Smartstore 1 Smartstore 2024-11-21 9.1 Critical
Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the file SmartStore.Web.Framework in the */bin* directory of the deployed shop with this file. As a workaround without updating, uninstall the Web API plugin to close this vulnerability.