Lucene search

Infinicart Security Vulnerabilities

cve

CVE-2006-5958

Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password fields in (a) login.asp, (3) search field in (b) search.asp, and (4) email field in (c)...

6.2AI Score

0.025EPSS

2006-11-17 01:07 AM

cve

CVE-2006-5957

Multiple SQL injection vulnerabilities in INFINICART allow remote attackers to execute arbitrary SQL commands via the (1) groupid parameter in (a) browse_group.asp, (2) productid parameter in (b) added_to_cart.asp, and (3) catid and (4) subid parameter in (c) browsesubcat.asp. NOTE: the vendor...

8.9AI Score

0.003EPSS

2006-11-17 01:07 AM