Vulnerabilities > Evershop

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2024-01-13 | CVE-2023-46942 | Improper Authentication vulnerability in Evershop 1.0.0 | Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8 allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints. | network | low | evershop | CWE-287 | 7.5 |
| 2024-01-13 | CVE-2023-46943 | Use of Hard-coded Credentials vulnerability in Evershop 1.0.0 | An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. | network | low | evershop | CWE-798 | 9.1 (critical) |
| 2023-12-08 | CVE-2023-46493 | Path Traversal vulnerability in Evershop 1.0.0 | Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js. | network | low | evershop | CWE-22 | 5.3 |
| 2023-12-08 | CVE-2023-46494 | Cross-site Scripting vulnerability in Evershop 1.0.0 | Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx. | network | low | evershop | CWE-79 | 6.1 |
| 2023-12-08 | CVE-2023-46495 | Cross-site Scripting vulnerability in Evershop 1.0.0 | Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter. | network | low | evershop | CWE-79 | 6.1 |
| 2023-12-08 | CVE-2023-46496 | Path Traversal vulnerability in Evershop 1.0.0 | Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint. | network | low | evershop | CWE-22 | 8.3 |
| 2023-12-08 | CVE-2023-46497 | Path Traversal vulnerability in Evershop 1.0.0 | Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint. | network | low | evershop | CWE-22 | 5.4 |
| 2023-12-08 | CVE-2023-46498 | Unspecified vulnerability in Evershop 1.0.0 | An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file. | network | low | evershop | | 9.8 (critical) |
| 2023-12-08 | CVE-2023-46499 | Cross-site Scripting vulnerability in Evershop 1.0.0 | Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via crafted scripts to the Admin Panel. | network | low | evershop | CWE-79 | 6.1 |