3 matches found
CVE-2010-1464
The CVE-2010-1464 entry describes multiple reflected XSS vulnerabilities in WebAsyst Shop-Script FREE, exploitable via the parameters currency_id_left, currency_id_right, darkcolor, lightcolor, middlecolor, and w. The underlying issue is an XSS input handling weakness that permits remote attacker...
CVE-2014-8377
The CVE-2014-8377 entry describes a Cross-site scripting (XSS) vulnerability in Webasyst Shop-Script 5.2.2.30933. The flaw allows remote attackers to inject arbitrary web script or HTML via the phone number field in a new contact to phpecom/index.php/webasyst/contacts/. Impact is partial integrit...
CVE-2010-4859
The CVE-2010-4859 entry describes a SQL injection in WebAsyst Shop-Script’s index.php, exploitable via the blog_id parameter in a news action. Remote attackers could execute arbitrary SQL commands. Documents identify the affected software and the underlying vulnerability type, but no specific rem...