Simplcommerce Simplcommerce
3 CVEs affecting Simplcommerce Simplcommerce. Latest disclosed: 2026-06-17. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-29587 | Medium | 5.4 | 2021-01-14 | SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intention… |
CVE-2026-9591 | | 2026-06-17 | Cross-site request forgery (CSRF) in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or mod… | |
CVE-2026-11975 | | 2026-06-17 | Stored cross-site scripting (XSS) in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary… |