4 matches found
CVE-2012-1664
osCMax 2.5.1 fixes CVE-2012-1664 (and related CVE-2012-1665) XSS and SQLi vulnerabilities in the admin panel. The advisory describes multiple reflected XSS vectors in admin/login.php, admin/new_attributes_include.php, admin/htaccess.php, admin/information_form.php, admin/xsell.php, and several st...
Multiple vulnerabilities in osCmax
Advisory ID: HTB23081; Product: osCmax; Vendor: osCMax.com; Vulnerable Versions: 2.5.0 and probably prior; Tested Version: 2.5.0; Vendor Notification: 14 March 2012; Vendor Patch: 30 March 2012; Public Disclosure: 4 April 2012; Vulnerability Type: Cross-Site Scripting (XSS), SQL Injection; CVE References:...
osCmax 2.5.0 Cross Site Scripting / SQL Injection
Advisory ID: HTB23081; Product: osCmax; Vendor: osCMax.com; Vulnerable Versions: 2.5.0 and probably prior; Tested Version: 2.5.0; Vendor Notification: 14 March 2012; Vendor Patch: 30 March 2012; Public Disclosure: 4 April 2012; Vulnerability Type: Cross-Site Scripting (XSS), SQL Injection; CVE References:...
Multiple vulnerabilities in osCmax
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in osCmax, which can be exploited to perform SQL Injection and Cross-Site Scripting (XSS) attacks. 1 Multiple Cross-Site Scripting (XSS) in osCmax: CVE-2012-1664 1.1 Input passed via the "username" POST parameter to...