Known Vulnerabilities for products from Collne
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Collne".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-50847 json | 7.2 - HIGH | 2023-12-28 | 2024-01-04 | |
| CVE-2023-43614 json | Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unaut... | 6.1 - MEDIUM | 2023-09-27 | 2023-09-28 |
| CVE-2023-43610 json | SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (w... | 8.8 - HIGH | 2023-09-27 | 2023-09-27 |
| CVE-2023-43493 json | SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or highe... | 4.9 - MEDIUM | 2023-09-27 | 2023-09-27 |
| CVE-2023-43484 json | Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthentic... | 6.1 - MEDIUM | 2023-09-27 | 2023-09-27 |
| CVE-2023-41962 json | Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a re... | 6.1 - MEDIUM | 2023-09-27 | 2023-09-28 |
| CVE-2023-41233 json | Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows... | 6.1 - MEDIUM | 2023-09-27 | 2023-09-27 |
| CVE-2023-40532 json | Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to ob... | 4.3 - MEDIUM | 2023-09-27 | 2023-09-28 |
| CVE-2023-40219 json | Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an una... | 7.2 - HIGH | 2023-09-27 | 2023-09-27 |
| CVE-2023-22705 json | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin <= 2.8.10 versions. | 6.1 - MEDIUM | 2023-03-29 | 2023-11-07 |
| CVE-2023-5951 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2023-12-04 | 2023-12-07 |
| CVE-2022-41840 json | Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. | 9.8 - CRITICAL | 2022-11-18 | 2022-11-21 |
| CVE-2022-4655 json | The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortcode attributes, which cou... | 5.4 - MEDIUM | 2023-01-16 | 2023-11-07 |
| CVE-2022-4237 json | The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in file_exist() functions v... | 8.8 - HIGH | 2023-01-02 | 2023-11-07 |
| CVE-2022-4236 json | The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a ... | 6.5 - MEDIUM | 2023-01-02 | 2023-11-07 |
| CVE-2022-4140 json | The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a ... | 7.5 - HIGH | 2023-01-02 | 2023-11-07 |
| CVE-2022-3946 json | The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any log... | 6.5 - MEDIUM | 2022-12-12 | 2023-11-07 |
| CVE-2022-3935 json | The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any auth... | 5.4 - MEDIUM | 2022-12-12 | 2023-11-07 |
| CVE-2021-20734 json | Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary ... | 6.1 - MEDIUM | 2021-06-22 | 2021-06-24 |
| CVE-2020-28339 json | The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_un... | 8.8 - HIGH | 2020-11-07 | 2021-07-21 |
Known software with vulnerabilities from Collne
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Collne | Welcart E-commerce | - |