Vulnerabilities > Shopwind > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-09 | CVE-2022-43321 | Cross-site Scripting vulnerability in Shopwind 3.4.3 Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php. | 6.1 |
| 2022-05-11 | CVE-2022-30057 | Cross-site Scripting vulnerability in Shopwind Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability. | 5.4 |
| 2022-05-11 | CVE-2022-30058 | Path Traversal vulnerability in Shopwind Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php. | 5.3 |
| 2022-05-11 | CVE-2022-30059 | Path Traversal vulnerability in Shopwind Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php. | 6.5 |