6 matches found
WordPress Simple Custom Login Page plugin <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Nguyen Duong in WordPress Plugin Simple Custom Login Page versions = 1.0.3...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO query string to 1 sendmail.php or 2 orderform.php, different vectors than CVE-2006-6734...
CVE-2007-2532
CVE-2007-2532 concerns Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c. It describes multiple XSS vulnerabilities reachable via PATH_INFO to sendmail.php or order_form.php, and via the catname parameter in modules/viewcategory.php (a different vector than CVE-2006-6734). Root cause appears to ...
CVE-2007-2532
Multiple cross-site scripting XSS vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO query string to 1 sendmail.php or 2 orderform.php, different vectors than CVE-2006-6734...
CVE-2006-6735
modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message. NOTE: CVE analysis suggests that this erro...
CVE-2006-6734
CVE-2006-6734 describes a cross-site scripting (XSS) vulnerability in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c. The issue allows remote attackers to inject arbitrary web script or HTML via the catname parameter to modules/viewcategory.php. Connected records corroborate the same product ...