Cpcommerce@1.2.1 Security Vulnerabilities and Issues — Cpcommerce@1.2.1 CVE List

Lucene search

CpcommerceCpcommerce1.2.1

2 matches found

CVE•added 2008/10/21 6:0 p.m.•39 views

CVE-2008-4637

Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121.

4.3CVSS5.5AI score0.00545EPSS

CVE•added 2008/10/21 6:0 p.m.•29 views

CVE-2008-4121

Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to sendtofriend.php.

4.3CVSS5.6AI score0.00545EPSS