Filtered by vendor Phoenixcart
Subscriptions
Filtered by product Ce Phoenix Cart
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-58296 | 1 Phoenixcart | 1 Ce Phoenix Cart | 2025-12-16 | N/A |
| CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page. | ||||
| CVE-2025-47289 | 1 Phoenixcart | 1 Ce Phoenix Cart | 2025-07-08 | 6.3 Medium |
| CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner (admin) approves the testimonial, the script executes in the context of any user visiting the testimonial page. Because the session cookies are not marked with the `HttpOnly` flag, they can be exfiltrated by the attacker — potentially leading to account takeover. Version 1.1.0.3 fixes the issue. | ||||
| CVE-2024-25415 | 1 Phoenixcart | 1 Ce Phoenix Cart | 2025-01-13 | 7.2 High |
| A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php. | ||||
Page 1 of 1.