Cpcommerce@* Security Vulnerabilities and Issues — Cpcommerce@* CVE List

Lucene search

CpcommerceCpcommerce*

4 matches found

CVE•added 2008/10/21 6:0 p.m.•39 views

CVE-2008-4637

Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121.

4.3CVSS5.5AI score0.00545EPSS

CVE•added 2007/05/30 1:30 a.m.•30 views

CVE-2007-2890

SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter.

7.5CVSS8.4AI score0.00782EPSS

CVE•added 2008/10/21 6:0 p.m.•29 views

CVE-2008-4121

Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to sendtofriend.php.

4.3CVSS5.6AI score0.00545EPSS

CVE•added 2007/06/01 1:30 a.m.•28 views

CVE-2007-2968

Cross-site scripting (XSS) vulnerability in register.php in cpCommerce 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter (Full Name field).

4.3CVSS5.7AI score0.00475EPSS