@evershop/evershop

Code execution in evershop

evershop allows unauthenticated attackers to exhaust application server's resources via "GET /images" API

Directory Traversal in evershop

Cross-site Scripting in evershop

evershop allows unauthenticated attackers to force server to initiate HTTP request via "GET /images" API

EverShop is vulnerable to Unauthorized Order Information Access (IDOR)

Cross-site Scripting in evershop

Directory Traversal in evershop

Directory Traversal in evershop

Cross Site Scripting in evershop