Lucene search

[email protected]CVE-2011-0504

HistoryJan 20, 2011 - 7:00 p.m.

CVE-2011-0504

2011-01-2019:00:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2011-0504

cross-site scripting

xss

vam shop

security vulnerabilities

remote attack

injection

web script

html

nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions llow remote attackers to inject arbitrary web script or HTML via the (1) status parameter to admin/orders.php, (2) search parameter to admin/customers.php, or (3) STORE_NAME parameter to admin/configuration.php.

Affected configurations

NVD

Node

vamshopvam_shopMatch1.6

vamshopvam_shopMatch1.6.1

CPENameOperatorVersion
vamshop:vam_shopvamshop vam shopeq1.6
vamshop:vam_shopvamshop vam shopeq1.6.1

CPE	Name	Operator	Version
vamshop:vam_shop	vamshop vam shop	eq	1.6
vamshop:vam_shop	vamshop vam shop	eq	1.6.1

References

osvdb.org/70429

osvdb.org/70430

secunia.com/advisories/42869

www.exploit-db.com/exploits/15968

www.htbridge.ch/advisory/xss_vulnerability_in_vam_shop.html

www.htbridge.ch/advisory/xss_vulnerability_in_vam_shop_1.html

www.htbridge.ch/advisory/xss_vulnerability_in_vam_shop_2.html

www.securityfocus.com/archive/1/515615/100/0/threaded

www.securityfocus.com/archive/1/515619/100/0/threaded

www.securityfocus.com/archive/1/515620/100/0/threaded

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.5%

JSON

Related for CVE-2011-0504

prion1 nvd1 cvelist1 htbridge1