CVE-2010-1590

Cross-site scripting XSS vulnerability in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier might allow remote attackers to inject arbitrary web script or HTML via the client's DNS hostname aka the REMOTEHOST variable, related to the CookielessGenerateFilename an...

CVE-2010-1589

Directory traversal vulnerability in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier might allow remote attackers to determine the existence of arbitrary files via directory traversal sequences in the client's DNS hostname aka the REMOTEHOST variable, related t...