Lucene search
K

5 matches found

Prion
Prion
added 2014/08/21 11:55 p.m.15 views

Authentication flaw

com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess passwords via a brute force attack...

5CVSS7.3AI score0.01141EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2014/07/15 2:55 p.m.20 views

CVE-2014-4965

Multiple cross-site scripting XSS vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 customername parameter to central/orders/searchcriteria.action; 2 productname, 3 availability, or 4 status parameter to...

4.3CVSS5.8AI score0.03247EPSS
Exploits1References3
NVD
NVD
added 2014/07/15 2:55 p.m.25 views

CVE-2014-4964

Multiple cross-site request forgery CSRF vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to hijack the authentication of users for requests that 1 modify customer settings or hijack the authentication of administrators for requests that change 2 customer passwords, 3 shop...

6.8CVSS7.2AI score0.023EPSS
Exploits1References2
Prion
Prion
added 2014/07/15 2:55 p.m.17 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to hijack the authentication of users for requests that 1 modify customer settings or hijack the authentication of administrators for requests that change 2 customer passwords, 3 shop...

6.8CVSS7.8AI score0.023EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2014/07/15 2:0 p.m.43 views

CVE-2014-4965

CVE-2014-4965 describes multiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5 and earlier. The flaws allow remote attackers to inject arbitrary web script or HTML via: (1) customername in central/orders/searchcriteria.action; (2) productname in central/catalog/productlist.action; ...

4.3CVSS5.8AI score0.03247EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder