CactuShop XSS and SQL injection flaws
The remote host runs CactuShop, an e-commerce web application written in ASP. The remote version of this software is vulnerable to cross-site scripting due to a lack of sanitization of user-supplied data in the script 'popuplargeimage.asp'. Successful exploitation of this issue may allow an...
CVE-2004-1882
CVE-2004-1882 concerns CactuShop 5.x (ASP). The vulnerability is a cross-site scripting (XSS) flaw in the script popuplargeimage.asp, exploitable via the user-controlled parameter strImageTag. OpenVAS notes that the remote host runs CactuShop and that lack of sanitization can enable execution of...