All the vulnerabilities related to Collne Inc. - Welcart e-Commerce
jvndb-2016-000118
Vulnerability from jvndb
Published
2016-06-24 14:12
Modified
2016-06-28 17:01
Severity
CVSS v2.0 Base: 6.4 (Medium), AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS v3.0 Base: 6.5 (Medium), CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
WordPress plugin "Welcart e-Commerce" vulnerable to session management
Details
WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a vulnerability in session management.
Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN61578437/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4828 |
| NVD | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4828 |
| Permissions(CWE-264) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Collne Inc. | Welcart e-Commerce |
jvndb-2016-000116
Vulnerability from jvndb
Published
2016-06-24 13:43
Modified
2016-06-29 16:05
Severity
CVSS v2.0 Base: 4.3 (Medium), AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS v3.0 Base: 6.1 (Medium), CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting
Details
WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a cross-site scripting vulnerability (CWE-79).
Note that this vulnerability is different from JVN#55826471.
Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN95082904/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4826 |
| NVD | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4826 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Collne Inc. | Welcart e-Commerce |
jvndb-2023-000094
Vulnerability from jvndb
Published
2023-09-22 13:51
Modified
2024-07-11 16:49
Severity
CVSS v2.0 Base: 5.5 (Medium), AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS v3.0 Base: 5.4 (Medium), CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"
Details
WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains multiple vulnerabilities listed below.
* Unrestricted Upload of File with Dangerous Type (CWE-434) - CVE-2023-40219
* Path Traversal (CWE-22) - CVE-2023-40532
* Cross-site Scripting in registration process of Item List page (CWE-79) - CVE-2023-41233
* Cross-site Scripting in Credit Card Payment Setup page (CWE-79) - CVE-2023-41962
* Cross-site Scripting in Item List page (CWE-79) - CVE-2023-43484
* SQL Injection in Item List page (CWE-89) - CVE-2023-43493
* SQL Injection in Order Data Edit page (CWE-89) - CVE-2023-43610
* Cross-site Scripting in Order Data Edit page (CWE-79) - CVE-2023-43614
CVE-2023-40219
Akihiro Hashimoto reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-40532, CVE-2023-41233, CVE-2023-41962, CVE-2023-43484, CVE-2023-43493, CVE-2023-43610, CVE-2023-43614
Shogo Kumamaru of LAC CyberLink Co., Ltd. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN97197972/index.html |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-40219 |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-40532 |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-41233 |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-41962 |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-43484 |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-43493 |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-43610 |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-43614 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-40219 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-40532 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-41233 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-41962 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-43484 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-43493 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-43610 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-43614 |
| Path Traversal(CWE-22) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
| SQL Injection(CWE-89) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
| No Mapping(CWE-Other) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Collne Inc. | Welcart e-Commerce |
jvndb-2016-000115
Vulnerability from jvndb
Published
2016-06-24 13:43
Modified
2016-06-29 16:04
Severity
CVSS v2.0 Base: 6.8 (Medium), AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS v3.0 Base: 5.6 (Medium), CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
WordPress plugin "Welcart e-Commerce" vulnerable to PHP object injection
Details
WordPress plugin "Welcart e-Commerce" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized.
Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN47363774/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4825 |
| NVD | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4825 |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Collne Inc. | Welcart e-Commerce |
jvndb-2016-000117
Vulnerability from jvndb
Published
2016-06-24 14:12
Modified
2016-06-28 17:01
Severity
CVSS v2.0 Base: 4.3 (Medium), AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS v3.0 Base: 6.1 (Medium), CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting
Details
WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a cross-site scripting vulnerability (CWE-79).
Note that this vulnerability is different from JVN#95082904.
Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN55826471/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4827 |
| NVD | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4827 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Collne Inc. | Welcart e-Commerce |
jvndb-2023-000007
Vulnerability from jvndb
Published
2023-01-17 14:17
Modified
2023-01-17 14:17
Severity
CVSS v2.0 Base: 5.0 (Medium), AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS v3.0 Base: 7.5 (High), CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
WordPress plugin "Welcart e-Commerce" vulnerable to directory traversal
Details
WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a directory traversal vulnerability (CWE-22).
Masato Ikeda of Mitsui Bussan Secure Directions, Inc. and Takeshi Suzuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN31073333/index.html |
| CVE | https://www.cve.org/CVERecord?id=CVE-2022-4140 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-4140 |
| Related document (Welcart e-Commerce < 2.8.5 - Unauthenticated Arbitrary File Access) | https://wpscan.com/vulnerability/0d649a7e-3334-48f7-abca-fff0856e12c7 |
| Path Traversal(CWE-22) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Collne Inc. | Welcart e-Commerce |
jvndb-2021-000047
Vulnerability from jvndb
Published
2021-06-11 15:24
Modified
2021-06-11 15:24
Severity
CVSS v2.0 Base: 4.3 (Medium), AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS v3.0 Base: 6.1 (Medium), CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting
Details
WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a stored cross-site scripting vulnerability (CWE-79).
Yu Iwama of Secure Sky Technology Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN70566757/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20734 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-20734 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Collne Inc. | Welcart e-Commerce |
cve-2023-43484
Vulnerability from cvelistv5
Published
2023-09-26 08:17
Modified
2024-09-24 14:49
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
References
* https://www.welcart.com/archives/20106.html
* https://jvn.jp/en/jp/JVN97197972/
Impacted products
| Vendor | Product |
|---|---|
| Collne Inc. | Welcart e-Commerce |
SSVC (CISA ADP Vulnrichment)
Exploitation: none; Automatable: no; Technical Impact: partial
cve-2023-43493
Vulnerability from cvelistv5
Published
2023-09-26 08:18
Modified
2024-09-24 14:49
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information.
References
* https://www.welcart.com/archives/20106.html
* https://jvn.jp/en/jp/JVN97197972/
Impacted products
| Vendor | Product |
|---|---|
| Collne Inc. | Welcart e-Commerce |
SSVC (CISA ADP Vulnrichment)
Exploitation: none; Automatable: no; Technical Impact: partial
cve-2023-22705
Vulnerability from cvelistv5
Published
2023-03-29 19:32
Modified
2024-08-02 10:13
Severity
CVSS v3.1 Base: 7.1 (High), CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS score ?
Summary
WordPress Welcart e-Commerce Plugin <= 2.8.10 is vulnerable to Cross Site Scripting (XSS)
Details
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin <= 2.8.10 versions.
Weakness: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CAPEC-591 Reflected XSS.
Le Ngoc Anh (Patchstack Alliance) is credited as the finder.
Solution
Update to 2.8.11 or a higher version.
References
* https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-8-10-cross-site-scripting-xss-vulnerability?_s_id=cve
Impacted products
| Vendor | Product |
|---|---|
| Collne Inc. | Welcart e-Commerce |
cve-2023-41233
Vulnerability from cvelistv5
Published
2023-09-26 08:15
Modified
2024-09-24 14:50
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
References
* https://www.welcart.com/archives/20106.html
* https://jvn.jp/en/jp/JVN97197972/
Impacted products
| Vendor | Product |
|---|---|
| Collne Inc. | Welcart e-Commerce |
SSVC (CISA ADP Vulnrichment)
Exploitation: none; Automatable: no; Technical Impact: partial
cve-2023-40219
Vulnerability from cvelistv5
Published
2023-09-26 08:13
Modified
2024-09-24 14:33
Severity ?
EPSS score ?
Summary
Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory.
References
* https://www.welcart.com/archives/20106.html
* https://jvn.jp/en/jp/JVN97197972/
Impacted products
| Vendor | Product |
|---|---|
| Collne Inc. | Welcart e-Commerce |
SSVC (CISA ADP Vulnrichment)
Exploitation: none; Automatable: no; Technical Impact: total
cve-2023-40532
Vulnerability from cvelistv5
Published
2023-09-26 08:14
Modified
2024-09-24 14:50
Summary
Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server.
References
Impacted products
| Vendor | Product |
|---|---|
| Collne Inc. | Welcart e-Commerce |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:38:50.341Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.welcart.com/archives/20106.html" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN97197972/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40532", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-24T14:28:59.419611Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-24T14:50:19.887Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Welcart e-Commerce", "vendor": "Collne Inc.", "versions": [ { "status": "affected", "version": "versions 2.7 to 2.8.21" } ] } ], "descriptions": [ { "lang": "en", "value": "Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server." } ], "problemTypes": [ { "descriptions": [ { "description": "Path traversal", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-26T08:14:17.836Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.welcart.com/archives/20106.html" }, { "url": "https://jvn.jp/en/jp/JVN97197972/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2023-40532", "datePublished": "2023-09-26T08:14:17.836Z", "dateReserved": "2023-09-20T04:37:57.608Z", "dateUpdated": "2024-09-24T14:50:19.887Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43614
Vulnerability from cvelistv5
Published
2023-09-26 08:19
Modified
2024-09-24 14:49
Summary
Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
References
Impacted products
| Vendor | Product |
|---|---|
| Collne Inc. | Welcart e-Commerce |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:43.669Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.welcart.com/archives/20106.html" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN97197972/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-43614", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-24T14:28:53.358583Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-24T14:49:33.403Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Welcart e-Commerce", "vendor": "Collne Inc.", "versions": [ { "status": "affected", "version": "versions 2.7 to 2.8.21" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-site scripting (XSS)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-26T08:19:56.004Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.welcart.com/archives/20106.html" }, { "url": "https://jvn.jp/en/jp/JVN97197972/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2023-43614", "datePublished": "2023-09-26T08:19:56.004Z", "dateReserved": "2023-09-20T04:38:01.190Z", "dateUpdated": "2024-09-24T14:49:33.403Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-50847
Vulnerability from cvelistv5
Published
2023-12-28 18:15
Modified
2024-09-09 17:57
Summary
WordPress Welcart e-Commerce Plugin <= 2.9.3 is vulnerable to SQL Injection
References
Impacted products
| Vendor | Product |
|---|---|
| Collne Inc. | Welcart e-Commerce |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:23:43.700Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-9-3-sql-injection-vulnerability?_s_id=cve" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-50847", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T17:56:37.724524Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-09T17:57:11.133Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "usc-e-shop", "product": "Welcart e-Commerce", "vendor": "Collne Inc.", "versions": [ { "changes": [ { "at": "2.9.4", "status": "unaffected" } ], "lessThanOrEqual": "2.9.3", "status": "affected", "version": "n/a", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Muhammad Daffa (Patchstack Alliance)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Collne Inc. Welcart e-Commerce.\u003cp\u003eThis issue affects Welcart e-Commerce: from n/a through 2.9.3.\u003c/p\u003e" } ], "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Collne Inc. 
Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.3.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-28T18:15:01.186Z", "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack" }, "references": [ { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-9-3-sql-injection-vulnerability?_s_id=cve" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update to\u0026nbsp;2.9.4 or higher version." } ], "value": "Update to\u00a02.9.4 or higher version." } ], "source": { "discovery": "EXTERNAL" }, "title": "WordPress Welcart e-Commerce Plugin \u003c= 2.9.3 is vulnerable to SQL Injection", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "cveId": "CVE-2023-50847", "datePublished": "2023-12-28T18:15:01.186Z", "dateReserved": "2023-12-14T17:19:02.630Z", "dateUpdated": "2024-09-09T17:57:11.133Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41962
Vulnerability from cvelistv5
Published
2023-09-26 08:16
Modified
2024-09-24 14:49
Summary
Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page.
References
Impacted products
| Vendor | Product |
|---|---|
| Collne Inc. | Welcart e-Commerce |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:09:49.462Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.welcart.com/archives/20106.html" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN97197972/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-41962", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-24T14:28:57.282604Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-24T14:49:58.520Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Welcart e-Commerce", "vendor": "Collne Inc.", "versions": [ { "status": "affected", "version": "versions 2.7 to 2.8.21" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-site scripting (XSS)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-26T08:16:35.700Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.welcart.com/archives/20106.html" }, { "url": "https://jvn.jp/en/jp/JVN97197972/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2023-41962", "datePublished": "2023-09-26T08:16:35.700Z", "dateReserved": "2023-09-20T04:38:00.369Z", "dateUpdated": "2024-09-24T14:49:58.520Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20734
Vulnerability from cvelistv5
Published
2021-06-22 01:35
Modified
2024-08-03 17:53
Summary
Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://www.welcart.com/archives/14039.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN70566757/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Collne Inc. | Welcart e-Commerce |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:53:21.891Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.welcart.com/archives/14039.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN70566757/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Welcart e-Commerce", "vendor": "Collne Inc.", "versions": [ { "status": "affected", "version": "versions prior to 2.2.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-site scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-22T01:35:46", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.welcart.com/archives/14039.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jvn.jp/en/jp/JVN70566757/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2021-20734", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Welcart e-Commerce", "version": { "version_data": [ { "version_value": "versions prior to 2.2.4" } ] } } ] }, "vendor_name": "Collne Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-site scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.welcart.com/archives/14039.html", "refsource": "MISC", "url": "https://www.welcart.com/archives/14039.html" }, { "name": "https://jvn.jp/en/jp/JVN70566757/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN70566757/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2021-20734", "datePublished": "2021-06-22T01:35:46", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:53:21.891Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43610
Vulnerability from cvelistv5
Published
2023-09-26 08:19
Modified
2024-09-24 14:28
Summary
SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations.
References
Impacted products
| Vendor | Product |
|---|---|
| Collne Inc. | Welcart e-Commerce |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:43.847Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.welcart.com/archives/20106.html" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN97197972/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-43610", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-24T14:28:06.299822Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-24T14:28:26.043Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Welcart e-Commerce", "vendor": "Collne Inc.", "versions": [ { "status": "affected", "version": "versions 2.7 to 2.8.21" } ] } ], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations." } ], "problemTypes": [ { "descriptions": [ { "description": "SQL Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-26T08:19:11.405Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.welcart.com/archives/20106.html" }, { "url": "https://jvn.jp/en/jp/JVN97197972/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2023-43610", "datePublished": "2023-09-26T08:19:11.405Z", "dateReserved": "2023-09-20T04:37:58.491Z", "dateUpdated": "2024-09-24T14:28:26.043Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }