Vulnerabilities > Evershop > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-08 | CVE-2023-46493 | Path Traversal vulnerability in Evershop 1.0.0 Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js. | 5.3 |
| 2023-12-08 | CVE-2023-46494 | Cross-site Scripting vulnerability in Evershop 1.0.0 Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx. | 6.1 |
| 2023-12-08 | CVE-2023-46495 | Cross-site Scripting vulnerability in Evershop 1.0.0 Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter. | 6.1 |
| 2023-12-08 | CVE-2023-46497 | Path Traversal vulnerability in Evershop 1.0.0 Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint. | 5.4 |
| 2023-12-08 | CVE-2023-46499 | Cross-site Scripting vulnerability in Evershop 1.0.0 Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted scripts to the Admin Panel. | 6.1 |