Cubecart@3.0.7-pl1 Security Vulnerabilities and Issues — Cubecart@3.0.7-pl1 CVE List

Lucene search

DevellionCubecart3.0.7-pl1

3 matches found

CVE•added 2006/08/21 9:4 p.m.•47 views

CVE-2006-4267

Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php.

7.5CVSS8.5AI score0.01564EPSS

CVE•added 2006/01/18 2:0 a.m.•35 views

CVE-2006-0245

Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action in index.php. NOTE: the c...

4.3CVSS5.6AI score0.07397EPSS

CVE•added 2006/08/21 9:4 p.m.•31 views

CVE-2006-4268

Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php.

6.8CVSS5.8AI score0.03931EPSS