Lucene search
K

91 matches found

NVD
NVD
added 2008/10/21 6:0 p.m.20 views

CVE-2008-4637

Cross-site scripting XSS vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121...

4.3CVSS5.5AI score0.00845EPSS
Exploits0References2
NVD
NVD
added 2008/10/21 6:0 p.m.22 views

CVE-2008-4121

Multiple cross-site scripting XSS vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via 1 the search parameter in a search.quick action to search.php and 2 the name parameter in a sendtofriend action to sendtofriend.php...

4.3CVSS5.6AI score0.01344EPSS
Exploits2References8
ATTACKERKB
ATTACKERKB
added 2008/10/21 6:0 p.m.3 views

CVE-2008-4637

Cross-site scripting XSS vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121...

4.3CVSS5.7AI score0.01344EPSS
Exploits2References4
Prion
Prion
added 2008/10/21 6:0 p.m.23 views

Cross site scripting

Cross-site scripting XSS vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121...

4.3CVSS5.9AI score0.01344EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2008/10/21 6:0 p.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via 1 the search parameter in a search.quick action to search.php and 2 the name parameter in a sendtofriend action to sendtofriend.php...

4.3CVSS5.8AI score0.01344EPSS
Exploits2References8Affected Software1
Cvelist
Cvelist
added 2008/10/21 4:0 p.m.24 views

CVE-2008-4121

Multiple cross-site scripting XSS vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via 1 the search parameter in a search.quick action to search.php and 2 the name parameter in a sendtofriend action to sendtofriend.php...

5.6AI score0.01344EPSS
Exploits2References8
Cvelist
Cvelist
added 2008/10/21 4:0 p.m.25 views

CVE-2008-4637

Cross-site scripting XSS vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121...

5.5AI score0.00845EPSS
Exploits0References2
CVE
CVE
added 2008/10/21 4:0 p.m.47 views

CVE-2008-4637

CVE-2008-4637 is a cpCommerce XSS issue in versions before 1.2.4. The entry notes it as a variant of CVE-2008-4121 and references the full XSS vectors described for CP Commerce: (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to ...

4.3CVSS5.5AI score0.00845EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2008/10/21 4:0 p.m.39 views

CVE-2008-4121

CVE-2008-4121 affects cpCommerce prior to 1.2.4. The vulnerability is a Cross-Site Scripting (XSS) flaw that enables remote attackers to inject arbitrary web script or HTML through (1) the search parameter in search.php via the search.quick action and (2) the name parameter in sendtofriend.php vi...

4.3CVSS5.6AI score0.01344EPSS
Exploits2References8Affected Software1
Packet Storm
Packet Storm
added 2008/10/20 12:0 a.m.30 views

cpcommerce-xss.txt

Cross Site Scripting XSS Vulnerabilitiy in cpcommerce, CVE-2008-4121 References http://www.datensalat.eu/fabian/cve/CVE-2008-4121-cpcommerce.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4121 http://cpcommerce.cpradio.org/ Description cpCommerce is an open-source e-commerce solution...

4.3CVSS6.6AI score0.01344EPSS
Exploits2
NVD
NVD
added 2008/04/22 4:41 a.m.8 views

CVE-2008-1908

Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 the language parameter in a language action to the default URI, which is not properly handled in actions/language.act.php, or 2 the action...

7.5CVSS7.3AI score0.02827EPSS
Exploits1References6
Prion
Prion
added 2008/04/22 4:41 a.m.11 views

Directory traversal

Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 the language parameter in a language action to the default URI, which is not properly handled in actions/language.act.php, or 2 the action...

7.5CVSS7.8AI score0.02827EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2008/04/22 4:41 a.m.11 views

Sql injection

Multiple SQL injection vulnerabilities in functions/displaypage.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the 1 idproduct, 2 idmanufacturer, and 3 idcategory parameters to unspecified components. NOTE: this probably overlaps CVE-2007-2959 and...

7.5CVSS8.9AI score0.01195EPSS
Exploits3References5Affected Software1
NVD
NVD
added 2008/04/22 4:41 a.m.19 views

CVE-2008-1906

Cross-site scripting XSS vulnerability in calendar.php in cpCommerce 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a view.year action...

4.3CVSS5.7AI score0.0171EPSS
Exploits1References6
NVD
NVD
added 2008/04/22 4:41 a.m.23 views

CVE-2008-1907

Multiple SQL injection vulnerabilities in functions/displaypage.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the 1 idproduct, 2 idmanufacturer, and 3 idcategory parameters to unspecified components. NOTE: this probably overlaps CVE-2007-2959 and...

7.5CVSS8.3AI score0.00997EPSS
Exploits1References5
CVE
CVE
added 2008/04/21 11:0 p.m.35 views

CVE-2008-1906

CVE-2008-1906 describes a cross-site scripting (XSS) vulnerability in cpCommerce 1.1.0, specifically in calendar.php. The issue allows remote attackers to inject arbitrary web script or HTML via the year parameter in a view.year action. The description and associated references confirm the vulner...

4.3CVSS5.7AI score0.0171EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2008/04/21 11:0 p.m.21 views

CVE-2008-1906

Cross-site scripting XSS vulnerability in calendar.php in cpCommerce 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a view.year action...

5.7AI score0.0171EPSS
Exploits1References6
CVE
CVE
added 2008/04/21 11:0 p.m.41 views

CVE-2008-1907

CVE-2008-1907 describes multiple SQL injection vulnerabilities in cpCommerce 1.1.0, specifically in functions/display_page.func.php. The attacker can remotely execute arbitrary SQL commands via the (1) id_product, (2) id_manufacturer, and (3) id_category parameters to unspecified components, indi...

7.5CVSS8.4AI score0.00997EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2008/04/21 11:0 p.m.35 views

CVE-2008-1908

CVE-2008-1908 affects cpCommerce 1.1.0 with multiple directory traversal vulnerabilities. The flaws allow remote attackers to include and execute arbitrary local files via a .. in (1) the language parameter used by a language action to the default URI (not properly handled in actions/language.act...

7.5CVSS7.3AI score0.02827EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2008/04/21 11:0 p.m.23 views

CVE-2008-1907

Multiple SQL injection vulnerabilities in functions/displaypage.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the 1 idproduct, 2 idmanufacturer, and 3 idcategory parameters to unspecified components. NOTE: this probably overlaps CVE-2007-2959 and...

8.3AI score0.00997EPSS
Exploits1References5
Rows per page
Query Builder