CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cross-site scripting XSS vulnerability in Uniwin eCart Professional before 2.0.16 allows remote attackers to inject arbitrary web script or HTML via the rp parameter to cartView.asp and unspecified other components. NOTE: the provenance of this information is unknown; the details are obtained...

4.3CVSS5.9AI score0.00287EPSS

Exploits0References1

NVD•added 2008/10/27 5:21 p.m.•6 views

CVE-2008-4745

Cross-site scripting XSS vulnerability in emailFriend.asp in Uniwin eCart Professional 2.0.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.7AI score0.00322EPSS

Exploits0References3

NVD•added 2008/10/27 5:21 p.m.•9 views

CVE-2008-4746

Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2.0.17 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to 1 search.asp and 2 cartUtil.asp...

7.5CVSS8.5AI score0.00413EPSS

Exploits0References3

Prion•added 2008/10/27 5:21 p.m.•8 views

Sql injection

Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2.0.17 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to 1 search.asp and 2 cartUtil.asp...

7.5CVSS9.2AI score0.00413EPSS

Exploits0References3Affected Software1

Prion•added 2008/10/27 5:21 p.m.•12 views

Cross site scripting

Cross-site scripting XSS vulnerability in emailFriend.asp in Uniwin eCart Professional 2.0.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.00322EPSS

Exploits0References3Affected Software1

CVE•added 2008/10/27 5:0 p.m.•44 views

CVE-2008-4746

CVE-2008-4746 affects Uniwin eCart Professional 2.0.17. The vulnerability consists of multiple SQL injection flaws exploitable via unspecified vectors to the pages search.asp and cartUtil.asp , enabling remote attackers to run arbitrary SQL commands. The root cause is improper input handling lead...

7.5CVSS8.5AI score0.00413EPSS

Exploits0References3Affected Software1

Cvelist•added 2008/10/27 5:0 p.m.•13 views

CVE-2008-4745

Cross-site scripting XSS vulnerability in emailFriend.asp in Uniwin eCart Professional 2.0.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.7AI score0.00322EPSS

Exploits0References3

Cvelist•added 2008/10/27 5:0 p.m.•14 views

CVE-2008-4746

Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2.0.17 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to 1 search.asp and 2 cartUtil.asp...

8.5AI score0.00413EPSS

Exploits0References3

CVE•added 2008/10/27 5:0 p.m.•37 views

CVE-2008-4745

CVE-2008-4745 is an XSS vulnerability in Uniwin eCart Professional 2.0.17, specifically in emailFriend.asp. Remote attackers can inject arbitrary web script or HTML via unspecified vectors. The NVD entry lists a base score of 4.3 (Medium) with Network attack vector, Medium complexity, no authenti...

4.3CVSS5.7AI score0.00322EPSS

Exploits0References3Affected Software1

NVD•added 2008/02/04 11:0 p.m.•11 views

CVE-2008-0558

4.3CVSS5.7AI score0.00287EPSS

Exploits0References2

Prion•added 2008/02/04 11:0 p.m.•9 views

Cross site scripting

4.3CVSS6.1AI score0.00287EPSS

Exploits0References2Affected Software1

CVE•added 2008/02/04 10:0 p.m.•40 views

CVE-2008-0558

CVE-2008-0558 describes a cross-site scripting (XSS) vulnerability in Uniwin eCart Professional prior to 2.0.16. The issue allows remote attackers to inject arbitrary web script or HTML via the rp parameter to cartView.asp and potentially other components. The root cause is not explicitly detaile...

4.3CVSS5.7AI score0.00287EPSS

Exploits0References2Affected Software1

Cvelist•added 2008/02/04 10:0 p.m.•11 views

CVE-2008-0558

5.7AI score0.00287EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by