2 matches found
CVE-2008-4432
CVE-2008-4432 describes a Cross-site scripting (XSS) vulnerability in the RMSOFT MiniShop module 1.0 for Xoops, exploitable via the itemsxpag parameter in search.php. Remote attackers can inject arbitrary script/HTML. The NVD lists base CVSSv2 4.3 (Medium). The connected documents provide the vul...
CVE-2008-4433
CVE-2008-4433 describes an SQL injection in the RMSOFT MiniShop module 1.0 for Xoops. The vulnerability is triggered via the itemsxpag parameter in search.php, allowing remote attackers to execute arbitrary SQL commands. The affected component is the MiniShop module’s search functionality, and th...