2 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via 1 the search parameter in a search.quick action to search.php and 2 the name parameter in a sendtofriend action to sendtofriend.php...
CVE-2008-4121
Multiple cross-site scripting XSS vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via 1 the search parameter in a search.quick action to search.php and 2 the name parameter in a sendtofriend action to sendtofriend.php...