Cubecart@3.0.7-pl1 Security Vulnerabilities and Issues — Cubecart@3.0.7-pl1 CVE List

Lucene search

DevellionCubecart3.0.7-pl1

4 matches found

CVE•added 2006/08/21 9:4 p.m.•47 views

CVE-2006-4267

Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php.

7.5CVSS8.5AI score0.01564EPSS

CVE•added 2005/10/05 10:2 p.m.•39 views

CVE-2005-3152

Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reporte...

4.3CVSS5.7AI score0.07397EPSS

CVE•added 2006/01/18 2:0 a.m.•35 views

CVE-2006-0245

Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action in index.php. NOTE: the c...

4.3CVSS5.6AI score0.07397EPSS

CVE•added 2006/08/21 9:4 p.m.•31 views

CVE-2006-4268

Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php.

6.8CVSS5.8AI score0.03931EPSS