4 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO query string to 1 sendmail.php or 2 orderform.php, different vectors than CVE-2006-6734...
CVE-2007-2532
Multiple cross-site scripting XSS vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO query string to 1 sendmail.php or 2 orderform.php, different vectors than CVE-2006-6734...
CVE-2007-2532
CVE-2007-2532 concerns Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c. It describes multiple XSS vulnerabilities reachable via PATH_INFO to sendmail.php or order_form.php, and via the catname parameter in modules/viewcategory.php (a different vector than CVE-2006-6734). Root cause appears to ...
ObieWebsite Mini Web Shop 2 - 'order_form.php?PATH_INFO' Cross-Site Scripting
source: https://www.securityfocus.com/bid/23847/info Mini Web Shop is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based authentication credentials and launch...