Skip to main content

Ecommerceflask

1 CVEs product

Monthly

CVE-2026-14800 LOW POC Monitor

Cross-site request forgery in imhamzaazam ecommerceFlask allows a remote, unauthenticated attacker to induce authenticated victims into executing unauthorized state-changing actions against the application. The vulnerability exists in an unspecified function of the Flask-based e-commerce application up to commit cb7d9e24c30a99379651b7493b32048126ef402b, with no patch released and the project maintainer not yet responding. A publicly available proof-of-concept exploit has been disclosed via a GitHub issue, and the application's rolling release model means no fixed version can be identified.

CSRF Ecommerceflask
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
EPSS 0% CVSS 2.1
LOW POC Monitor

Cross-site request forgery in imhamzaazam ecommerceFlask allows a remote, unauthenticated attacker to induce authenticated victims into executing unauthorized state-changing actions against the application. The vulnerability exists in an unspecified function of the Flask-based e-commerce application up to commit cb7d9e24c30a99379651b7493b32048126ef402b, with no patch released and the project maintainer not yet responding. A publicly available proof-of-concept exploit has been disclosed via a GitHub issue, and the application's rolling release model means no fixed version can be identified.

CSRF Ecommerceflask
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy