2 matches found
CVE-2024-22550
CVE-2024-22550 concerns ShopSite v14.0, where the vulnerable component is the /alsdemo/ss/mediam.cgi module. The issue is an arbitrary file upload vulnerability that allows an attacker to execute arbitrary code by uploading a crafted SVG file. According to the sources, the vulnerability affects S...
CVE-2006-6485
CVE-2006-6485 describes multiple cross-site scripting (XSS) vulnerabilities in ShopSite 8.1 and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via the prevlocation parameter in shopper/sc/registration.cgi and other unspecified vectors. The NVD metrics rate a bas...