Saleor

LAB ONLY | AUTHORIZED TARGETS ONLY | 自动生成索引

系统 ID: saleor
分类: ecommerce
覆盖策略: rolling-24m
总案例数: 24
近 30 天新增/更新: 0
重点 Markdown 案例数: 0
已实证(真实版本): 0
已实证(synthetic): 0
阻塞数: 0
待人工/缺浏览器证据: 24
最近渲染时间: 2026-04-01T09:21:04+00:00

目标约束

适用目标类型: lab-local, lab-public, authorized-third-party
是否允许公网验证: yes, but ownership or authorization is required
授权前提: 资产归属可证明，或已取得书面/明确授权。
最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作

来源

official GitHub Saleor Advisories (mode=core)
official NVD Saleor (keyword=Saleor; mode=core)
ecosystem-authority OSV Saleor (mode=core)

案例列表

标题	严重度	案例状态	实证状态	实证方式	来源置信度	更新时间	案例页
saleor	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Skip to content	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Sign up	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Insights	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Unauthenticated Information Disclosure Vulnerability via Python Exceptions	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Non-constant time HMAC comparison in Adyen plugin	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Sign in	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Actions	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Stored XSS via Unrestricted File Uploads	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Insecure Direct Object Reference (IDOR) in GraphQL API	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Star
22.7k	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
saleor	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Improper object type validation in mutations leading to unauthorized access	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Report a vulnerability	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Security
10	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Policy	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Issues
185	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
CSRF bypass in refreshToken mutation	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Pull requests
67	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Discussions	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
User enumeration vulnerability in Saleor due to different error messages	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Lack of proper HTML sanitization in rich text fields	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-

4.1 KiB 原始文件 Blame 文件历史

Saleor

目标约束

来源

案例列表

4.1 KiB

原始文件 Blame 文件历史