Search Results (6 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-54364 | 1 Hikashop | 1 Hikashop | 2026-04-10 | 6.1 Medium |
| Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter endpoint. Attackers can craft malicious URLs containing XSS payloads in the from_option, from_ctrl, from_task, or from_itemid parameters to steal session tokens or login credentials when victims visit the link. | ||||
| CVE-2025-22210 | 1 Hikashop | 1 Hikashop | 2025-06-04 | 7.2 High |
| A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the category management area in backend. | ||||
| CVE-2025-25225 | 1 Hikashop | 1 Hikashop | 2025-05-28 | 6.5 Medium |
| A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions. | ||||
| CVE-2024-40746 | 1 Hikashop | 1 Hikashop | 2025-03-20 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product. The `description` parameter is not sanitised in the backend. | ||||
| CVE-2023-38044 | 1 Hikashop | 1 Hikashop | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | ||||
| CVE-2015-7344 | 1 Hikashop | 1 Hikashop | 2024-11-21 | 4.8 Medium |
| HikaShop Joomla Component before 2.6.0 has XSS via an injected payload[/caption]. | ||||