Lucene search
+L
Comersus Open TechnologiesComersus Cart

9 matches found

CVE
CVE
added 2007/06/21 6:0 p.m.270 views

CVE-2007-3323

CVE-2007-3323 describes an SQL injection in Comersus Shop Cart 7.07, exploitable via the idProduct parameter to comersus_optReviewReadExec.asp. Remote attackers could execute arbitrary SQL commands; the description notes it may be the same issue as CVE-2005-2190. No remediation or version-specifi...

7.5CVSS8.2AI score0.01041EPSS
CVE
CVE
added 2005/07/10 4:0 a.m.165 views

CVE-2005-2190

CVE-2005-2190 concerns multiple SQL injection flaws in Comersus Shop Cart. Remote attackers can inject via (1) email to comersus_optAffiliateRegistrationExec.asp or (2) idProduct to comersus_optReviewReadExec.asp, potentially executing arbitrary SQL on the database. The NVD notes a Base Score of ...

7.5CVSS8.5AI score0.01141EPSS
CVE
CVE
added 2007/06/21 6:0 p.m.73 views

CVE-2007-3324

CVE-2007-3324 documents multiple XSS vulnerabilities in Comersus Cart 7.07, enabling remote attackers to inject arbitrary script or HTML via the redirectUrl parameter to comersus_customerAuthenticateForm.asp or comersus_message.asp. The description notes these are different vectors than CVE-2004-...

4.3CVSS5.6AI score0.01835EPSS
CVE
CVE
added 2005/02/20 5:0 a.m.60 views

CVE-2004-1656

CRLF injection in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting via the redirecturl parameter, enabling modification of server HTML content. Root cause is CRLF handling in the redirecturl flow; vulnerable component is the redirecturl parameter processing...

5CVSS7.1AI score0.0228EPSS
CVE
CVE
added 2005/04/19 4:0 a.m.58 views

CVE-2005-1188

CVE-2005-1188 involves a cross-site scripting (XSS) vulnerability in Comersus Cart, specifically in the comersus_searchItem.asp script. Affected versions range from 3.90 to 4.51. The underlying issue is insufficient sanitization of the curPage parameter, enabling remote attackers to inject arbitr...

4.3CVSS5.7AI score0.0362EPSS
CVE
CVE
added 2004/07/13 4:0 a.m.54 views

CVE-2004-0681

CVE-2004-0681 involves multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 5.09. The affected pages are comersus_customerAuthenticateForm.asp, comersus_backoffice_message.asp, comersus_supportError.asp, and comersus_message.asp. The underlying issue is non-sanitized input in the ...

6.8CVSS6AI score0.02043EPSS
CVE
CVE
added 2004/07/13 4:0 a.m.53 views

CVE-2004-0682

CVE-2004-0682 affects Comersus Cart 5.09 (and possibly earlier versions before 5.098). The issue arises in comersus_gatewayPayPal.asp where remote attackers can change item prices by directly modifying them in the URL. The available connected records confirm the vulnerable component and the URL-b...

7.5CVSS6.7AI score0.06851EPSS
CVE
CVE
added 2005/07/10 4:0 a.m.53 views

CVE-2005-2191

CVE-2005-2191 concerns multiple XSS vulnerabilities in Comersus shopping cart. The flaws allow remote attackers to inject arbitrary web script or HTML via the name parameter in comersus_backoffice_listAssignedPricesToCustomer.asp or the message parameter in comersus_backoffice_message.asp. This r...

4.3CVSS5.8AI score0.01208EPSS
CVE
CVE
added 2005/04/08 4:0 a.m.50 views

CVE-2005-1010

The CVE-2005-1010 vulnerability is a Cross-Site Scripting (XSS) flaw in Comersus Cart 6 that allows remote attackers to inject arbitrary HTML/JS via the Account Username field. Root cause: improper sanitization of user input in the Username field (as detailed in Nessus/NGD references). Impact: us...

4.3CVSS5.7AI score0.01177EPSS