Vulnerabilities > Candypress
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-10-23 | CVE-2007-5629 | Cross-Site Scripting vulnerability in Candypress Store 4.1 Cross-site scripting (XSS) vulnerability in admin/logon.asp in ShoppingTree CandyPress Store 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2007-2804. | 4.3 |
2007-05-22 | CVE-2007-2804 | Cross-Site Scripting vulnerability in CandyPress Store ProdList.ASP Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) brand and (2) Msg parameters. network candypress | 4.3 |