14 matches found
EUVD-2018-13389
Malware in sbrugna...
CVE-2018-20849
Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATHINFO to the login/ URI...
CVE-2018-20849
Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATHINFO to the login/ URI...
CVE-2018-20849
Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATHINFO to the login/ URI...
Design/Logic Flaw
Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATHINFO to the login/ URI...
CVE-2018-20849
Arastta eCommerce 1.6.2 is affected by CVE-2018-20849: a cross-site scripting (XSS) vulnerability exploitable via PATH_INFO to the login/ URI. The root cause is insufficient input validation leading to stored/reflective-like misuse of user-controlled data that can affect the login path. Documente...
CVE-2018-20849
Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATHINFO to the login/ URI...
Arastta eCommerce Cross-Site Scripting Vulnerability
Arastta eCommerce is an open source eCommerce platform. A cross-site scripting vulnerability exists in Arastta eCommerce version 1.6.2. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute...
Arastta 1.6.2 Cross Site Scripting
================================================= Synopsis: Arastta 1.6.2 xss vulnerability Product: Arastta eCommerce: Free Shopping Cart Version: 1.6.2 Researcher: Matt Landers twitter.com/matthewjland https://mjlanders.org/ ================================================...
Arastta 1.1.5 - SQL Injection
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Arastta 1.1.5 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://arastta.org/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 11/21/2015 Disclosed to public: 12/21/2015 Releas...
Arastta 1.1.5 - SQL Injection Vulnerability
Exploit for php platform in category web applications Security Advisory - Curesec Research Team 1. Introduction Affected Product: Arastta 1.1.5 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://arastta.org/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to...
Arastta 1.1.5 SQL Injection
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Arastta 1.1.5 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://arastta.org/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 11/21/2015 Disclosed to public: 12/21/2015 Releas...
Arastta 1.1.5 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Arastta 1.1.5 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://arastta.org/ Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 11/21/2015 Disclosed to public: 12/21/2015 Release mode: Fu...
Arastta 1.1.5 - SQL Injection
Arastta 1.1.5 - SQL Injection Security Advisory - Curesec Research Team 1. Introduction Affected Product: Arastta 1.1.5 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://arastta.org/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 11/21/2015 Disclose...