Vulnerabilities (CVE)

Filtered by vendor Hikashop Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-38044 1 Hikashop 1 Hikashop 2024-11-21 N/A 9.8 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.
CVE-2015-7344 1 Hikashop 1 Hikashop 2024-11-21 3.5 LOW 4.8 MEDIUM
HikaShop Joomla Component before 2.6.0 has XSS via an injected payload[/caption].
CVE-2024-40746 1 Hikashop 1 Hikashop 2024-10-29 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product. The `description `parameter is not sanitised in the backend.