Vulnerabilities > CVE-2007-0056 - Cross-Site Scripting vulnerability in AShop Deluxe And AShop Administration Panel
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4.5 and AShop Administration Panel allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) ashop/catalogue.php and (b) ashop/basket.php, the (2) exp parameter to ashop/catalogue.php, the (3) searchstring parameter to (c) ashop/search.php, the (4) checkout and (5) action parameters to (d) ashop/shipping.php, the cat parameter to (f) cart-path/admin/editcatalogue.php, and the (7) resultpage parameter to (g) cart-path/admin/salesadmin.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
description AShop Deluxe 4.5 admin/salesadmin.php resultpage Parameter XSS. CVE-2007-0056. Webapps exploit for php platform id EDB-ID:29382 last seen 2016-02-03 modified 2007-01-02 published 2007-01-02 reporter Hackers Center Security source https://www.exploit-db.com/download/29382/ title AShop Deluxe 4.5 admin/salesadmin.php resultpage Parameter XSS description AShop Deluxe 4.5 ashop/catalogue.php Multiple Parameter XSS. CVE-2007-0056. Webapps exploit for php platform id EDB-ID:29377 last seen 2016-02-03 modified 2007-01-02 published 2007-01-02 reporter Hackers Center Security source https://www.exploit-db.com/download/29377/ title AShop Deluxe 4.5 ashop/catalogue.php Multiple Parameter XSS description AShop Deluxe 4.5 shipping.php Multiple Parameter XSS. CVE-2007-0056. Webapps exploit for php platform id EDB-ID:29380 last seen 2016-02-03 modified 2007-01-02 published 2007-01-02 reporter Hackers Center Security source https://www.exploit-db.com/download/29380/ title AShop Deluxe 4.5 shipping.php Multiple Parameter XSS description AShop Deluxe 4.5 ashop/basket.php cat Parameter XSS. CVE-2007-0056. Webapps exploit for php platform id EDB-ID:29378 last seen 2016-02-03 modified 2007-01-02 published 2007-01-02 reporter Hackers Center Security source https://www.exploit-db.com/download/29378/ title AShop Deluxe 4.5 ashop/basket.php cat Parameter XSS description AShop Deluxe 4.5 ashop/search.php searchstring Parameter XSS. CVE-2007-0056. Webapps exploit for php platform id EDB-ID:29379 last seen 2016-02-03 modified 2007-01-02 published 2007-01-02 reporter Hackers Center Security source https://www.exploit-db.com/download/29379/ title AShop Deluxe 4.5 ashop/search.php searchstring Parameter XSS description AShop Deluxe 4.5 admin/editcatalogue.php cat Parameter XSS. CVE-2007-0056. Webapps exploit for php platform id EDB-ID:29381 last seen 2016-02-03 modified 2007-01-02 published 2007-01-02 reporter Hackers Center Security source https://www.exploit-db.com/download/29381/ title AShop Deluxe 4.5 admin/editcatalogue.php cat Parameter XSS
References
- http://osvdb.org/32553
- http://osvdb.org/32554
- http://osvdb.org/32555
- http://osvdb.org/32556
- http://osvdb.org/32557
- http://osvdb.org/32558
- http://secunia.com/advisories/23547
- http://securityreason.com/securityalert/2091
- http://www.securityfocus.com/archive/1/455629/100/0/threaded
- http://www.securityfocus.com/bid/21845
- http://www.vupen.com/english/advisories/2007/0028
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31178