CactuShop XSS and SQL injection flaws
The remote host runs CactuShop, an e-commerce web application written in ASP. The remote version of this software is vulnerable to cross-site scripting due to a lack of sanitization of user-supplied data in the script 'popuplargeimage.asp'. Successful exploitation of this issue may allow an...
CVE-2004-1881
SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter...