10 matches found
EUVD-2007-3313
Malware in sbrugna...
CVE-2020-23447
newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Management Office"...
CVE-2020-23447
CVE-2020-23447 affects newbee-mall 1.0 with a cross-site scripting vulnerability in shop-cart/settle. An attacker can inject an XSS payload in the address information during purchase, triggered when viewing the Order Management Office’s “View Recipient Information.” Connected CNVD/CVEs corroborat...
SQL injection
SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter. NOTE: this might be the same as CVE-2005-2190.2...
CVE-2007-3323
SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter. NOTE: this might be the same as CVE-2005-2190.2...
CVE-2007-3323
CVE-2007-3323 describes an SQL injection in Comersus Shop Cart 7.07, exploitable via the idProduct parameter to comersus_optReviewReadExec.asp. Remote attackers could execute arbitrary SQL commands; the description notes it may be the same issue as CVE-2005-2190. No remediation or version-specifi...
csc-sqlxss.txt
--- Comersus Shop Cart 7.07 SQL Injection & XSS Comersus is an active server pages asp software for running shopping stores, integrated with the rest of your web site. Comersus ASP Cart is free and IT CAN BE used for commercial purposes. An attacker may leverage this issue to have arbitrary scrip...