91 matches found
CVE-2008-4637
Cross-site scripting XSS vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121...
CVE-2008-4121
Multiple cross-site scripting XSS vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via 1 the search parameter in a search.quick action to search.php and 2 the name parameter in a sendtofriend action to sendtofriend.php...
CVE-2008-4637
Cross-site scripting XSS vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121...
Cross site scripting
Cross-site scripting XSS vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via 1 the search parameter in a search.quick action to search.php and 2 the name parameter in a sendtofriend action to sendtofriend.php...
CVE-2008-4121
Multiple cross-site scripting XSS vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via 1 the search parameter in a search.quick action to search.php and 2 the name parameter in a sendtofriend action to sendtofriend.php...
CVE-2008-4637
Cross-site scripting XSS vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121...
CVE-2008-4637
CVE-2008-4637 is a cpCommerce XSS issue in versions before 1.2.4. The entry notes it as a variant of CVE-2008-4121 and references the full XSS vectors described for CP Commerce: (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to ...
CVE-2008-4121
CVE-2008-4121 affects cpCommerce prior to 1.2.4. The vulnerability is a Cross-Site Scripting (XSS) flaw that enables remote attackers to inject arbitrary web script or HTML through (1) the search parameter in search.php via the search.quick action and (2) the name parameter in sendtofriend.php vi...
cpcommerce-xss.txt
Cross Site Scripting XSS Vulnerabilitiy in cpcommerce, CVE-2008-4121 References http://www.datensalat.eu/fabian/cve/CVE-2008-4121-cpcommerce.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4121 http://cpcommerce.cpradio.org/ Description cpCommerce is an open-source e-commerce solution...
CVE-2008-1908
Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 the language parameter in a language action to the default URI, which is not properly handled in actions/language.act.php, or 2 the action...
Directory traversal
Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 the language parameter in a language action to the default URI, which is not properly handled in actions/language.act.php, or 2 the action...
Sql injection
Multiple SQL injection vulnerabilities in functions/displaypage.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the 1 idproduct, 2 idmanufacturer, and 3 idcategory parameters to unspecified components. NOTE: this probably overlaps CVE-2007-2959 and...
CVE-2008-1906
Cross-site scripting XSS vulnerability in calendar.php in cpCommerce 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a view.year action...
CVE-2008-1907
Multiple SQL injection vulnerabilities in functions/displaypage.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the 1 idproduct, 2 idmanufacturer, and 3 idcategory parameters to unspecified components. NOTE: this probably overlaps CVE-2007-2959 and...
CVE-2008-1906
CVE-2008-1906 describes a cross-site scripting (XSS) vulnerability in cpCommerce 1.1.0, specifically in calendar.php. The issue allows remote attackers to inject arbitrary web script or HTML via the year parameter in a view.year action. The description and associated references confirm the vulner...
CVE-2008-1906
Cross-site scripting XSS vulnerability in calendar.php in cpCommerce 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a view.year action...
CVE-2008-1907
CVE-2008-1907 describes multiple SQL injection vulnerabilities in cpCommerce 1.1.0, specifically in functions/display_page.func.php. The attacker can remotely execute arbitrary SQL commands via the (1) id_product, (2) id_manufacturer, and (3) id_category parameters to unspecified components, indi...
CVE-2008-1908
CVE-2008-1908 affects cpCommerce 1.1.0 with multiple directory traversal vulnerabilities. The flaws allow remote attackers to include and execute arbitrary local files via a .. in (1) the language parameter used by a language action to the default URI (not properly handled in actions/language.act...
CVE-2008-1907
Multiple SQL injection vulnerabilities in functions/displaypage.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the 1 idproduct, 2 idmanufacturer, and 3 idcategory parameters to unspecified components. NOTE: this probably overlaps CVE-2007-2959 and...