Vulnerabilities > Niushop > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-30 CVE-2020-19670 Missing Authentication for Critical Function vulnerability in Niushop 1.11
In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords.
network
low complexity
niushop CWE-306
4.9
4.9
2019-09-14 CVE-2019-16310 Cross-site Scripting vulnerability in Niushop 1.11
NIUSHOP V1.11 has XSS via the index.php?s=/admin URI.
network
low complexity
niushop CWE-79
5.4
5.4