← Back

Ce Phoenix Cart

ce_phoenix_cart

Vendor: Phoenixcart • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-47289
1Phoenixcart
1Ce Phoenix Cart
Jul 8, 2025
Jun 2, 2025
N/A· v4
9.0 CRITICAL· v3
N/A· v2
CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into...Show more
CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner (admin) approves the testimonial, the script executes in the context of any user visiting the testimonial page. Because the session cookies are not marked with the `HttpOnly` flag, they can be exfiltrated by the attacker — potentially leading to account takeover. Version 1.1.0.3 fixes the issue.Show less
CVE-2024-25415
1Phoenixcart
1Ce Phoenix Cart
Jun 17, 2026
Feb 16, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.