5 matches found
Authentication flaw
com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess passwords via a brute force attack...
CVE-2014-4965
Multiple cross-site scripting XSS vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 customername parameter to central/orders/searchcriteria.action; 2 productname, 3 availability, or 4 status parameter to...
CVE-2014-4964
Multiple cross-site request forgery CSRF vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to hijack the authentication of users for requests that 1 modify customer settings or hijack the authentication of administrators for requests that change 2 customer passwords, 3 shop...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to hijack the authentication of users for requests that 1 modify customer settings or hijack the authentication of administrators for requests that change 2 customer passwords, 3 shop...
CVE-2014-4965
CVE-2014-4965 describes multiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5 and earlier. The flaws allow remote attackers to inject arbitrary web script or HTML via: (1) customername in central/orders/searchcriteria.action; (2) productname in central/catalog/productlist.action; ...