CVE-2010-4947

CVE-2010-4947 is an XSS flaw in ALLPC 2.5 affecting advanced_search_result.php where user-supplied keywords are not properly sanitized, allowing remote attackers to inject arbitrary web script or HTML via the keywords parameter. The root cause is input handling in that script leading to client-si...

CVE-2010-4946

CVE-2010-4946 describes an SQL injection in ALLPC 2.5, specifically in product_info.php where the products_id parameter can be manipulated to run arbitrary SQL. The vulnerability, as documented by NVD and Red Hat, carries a CVSS v2 base score of 7.5 (HIGH) with network access, low attack complexi...