Comersus Cart Security Vulnerabilities and Issues — Comersus Cart CVE List

Lucene search

Comersus Open TechnologiesComersus Cart

5 matches found

CVE•added 2005/07/11 4:0 a.m.•150 views

CVE-2005-2190

Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp.

7.5CVSS8.5AI score0.00431EPSS

CVE•added 2005/02/20 5:0 a.m.•48 views

CVE-2004-1656

CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the redirecturl parameter.

5CVSS7.1AI score0.03062EPSS

CVE•added 2005/05/02 4:0 a.m.•46 views

CVE-2005-1188

Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in Comersus 3.90 to 4.51 allows remote attackers to inject arbitrary web script or HTML via the curPage parameter.

4.3CVSS5.7AI score0.00834EPSS

CVE•added 2005/07/11 4:0 a.m.•40 views

CVE-2005-2191

Multiple cross-site scripting (XSS) vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to comersus_backoffice_listAssignedPricesToCustomer.asp or (2) message parameter to comersus_backoffice_message.asp.

4.3CVSS5.8AI score0.00346EPSS

CVE•added 2005/05/02 4:0 a.m.•32 views

CVE-2005-1010

Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows remote attackers to inject arbitrary web script or HTML via the account username.

4.3CVSS5.7AI score0.00346EPSS