
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Sep 2024 — Cross Site Scripting vulnerability in Leotheme Leo Product Search Module v.2.1.6 and earlier allows a remote attacker to execute arbitrary code via the q parameter of the product search function. • https://github.com/JustDinooo/CVEs/blob/main/CVE-2024-42697/poc.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

14 Sep 2023 — LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injection vulnerability via the component LeoBlogBlog::getListBlogs. • https://addons.prestashop.com/fr/2_community-developer?contributor=190902&id_category=3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 • EPSS: 2% • CPEs: 1 • EXPL: 0

14 Jun 2023 — PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php. • https://friends-of-presta.github.io/security-advisories/module/2023/06/06/leocustomajax.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')