2 matches found
CVE-2006-5942
CVE-2006-5942 describes a Cross-site scripting (XSS) vulnerability in the Inventory Manager component of Website Designs For Less. The flaw occurs in inventory/display/display_results.asp, exploitable via the category parameter to inject arbitrary script/HTML. Affected: Inventory Manager; Impact:...
CVE-2006-5943
CVE-2006-5943 describes multiple SQL injection vulnerabilities in inventory/display/imager.asp of Website Designs for Less Inventory Manager. The flaw allows remote attackers to inject SQL via the pictable, picfield, or where parameters, potentially leading to arbitrary SQL execution. The affecte...