16 matches found
ObieWebsite Mini Web Shop 2 order_form.php PATH_INFO Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/23847/info Mini Web Shop is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based...
ObieWebsite Mini Web Shop 2 sendmail.php PATH_INFO Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/23847/info Mini Web Shop is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based...
CVE-2007-2532
CVE-2007-2532 concerns Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c. It describes multiple XSS vulnerabilities reachable via PATH_INFO to sendmail.php or order_form.php, and via the catname parameter in modules/viewcategory.php (a different vector than CVE-2006-6734). Root cause appears to ...
CVE-2007-2532
Multiple cross-site scripting XSS vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO query string to 1 sendmail.php or 2 orderform.php, different vectors than CVE-2006-6734...
miniwebshop2-xss.txt
-=--------------------ADVISORY-------------------=- Mini Web Shop V.2 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Mini Web Shop -=+ Version: 2 -=+ Vendor's URL: http://obiewebsite.sourceforge.net/o.php?MiniWebShop -=+ Platform:...
ObieWebsite Mini Web Shop 2 - order_form.php?PATH_INFO Cross-Site Scripting
ObieWebsite Mini Web Shop 2 - orderform.php?PATHINFO Cross-Site Scripting source: https://www.securityfocus.com/bid/23847/info Mini Web Shop is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploi...
ObieWebsite Mini Web Shop 2 - Sendmail.php?PATH_INFO Cross-Site Scripting
ObieWebsite Mini Web Shop 2 - Sendmail.php?PATHINFO Cross-Site Scripting source: https://www.securityfocus.com/bid/23847/info Mini Web Shop is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit...
ObieWebsite Mini Web Shop 2 - 'Sendmail.php?PATH_INFO' Cross-Site Scripting
source: https://www.securityfocus.com/bid/23847/info Mini Web Shop is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based authentication credentials and launch...
ObieWebsite Mini Web Shop 2 - 'order_form.php?PATH_INFO' Cross-Site Scripting
source: https://www.securityfocus.com/bid/23847/info Mini Web Shop is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based authentication credentials and launch...
CVE-2006-6734
Cross-site scripting XSS vulnerability in modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to inject arbitrary web script or HTML via the catname parameter...
CVE-2006-6735
modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message. NOTE: CVE analysis suggests that this erro...
CVE-2006-6734
CVE-2006-6734 describes a cross-site scripting (XSS) vulnerability in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c. The issue allows remote attackers to inject arbitrary web script or HTML via the catname parameter to modules/viewcategory.php. Connected records corroborate the same product ...
CVE-2006-6735
The CVE-2006-6735 entry concerns Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c. The vulnerability allows remote attackers to obtain sensitive information by issuing a request with an arbitrary catname parameter and without an itemsdb parameter, causing an error message that reveals a file pa...
miniwebshop-xss.txt
Hello Vulnerable : MINI WEB SHOP Version: 2.1.c web : http://ObieWebsite.SourceForge.net I Found some bugs XSS & Full Path Disclosure in MINI WEB SHOP XSS : http://example.com/miniwebshop/modules/viewcategory.php?catname='alertdocument.cookie Full Path Disclosure :...
Multiple Bugs in MINI WEB SHOP
Hello Vulnerable : MINI WEB SHOP Version: 2.1.c web : http://ObieWebsite.SourceForge.net I Found some bugs XSS & Full Path Disclosure in MINI WEB SHOP XSS : http://example.com/miniwebshop/modules/viewcategory.php?catname='scriptalertdocument.cookie/script Full Path Disclosure :...
Mini Web Shop 2.1.c - view.php?Viewcategory.php Cross-Site Scripting
Mini Web Shop 2.1.c - view.php?Viewcategory.php Cross-Site Scripting source: https://www.securityfocus.com/bid/21677/info Mini Web Shop is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to...