Vulnerabilities > Comersus Open Technologies
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-06-21 | CVE-2007-3324 | Cross-Site Scripting vulnerability in Comersus Open Technologies Comersus Cart 7.07 Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vectors than CVE-2004-0681. network comersus-open-technologies | 4.3 |
| 2007-06-21 | CVE-2007-3323 | Input Validation vulnerability in Comersus Open Technologies Comersus Cart 7.07 SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter. | 7.5 |
| 2005-11-01 | CVE-2005-3397 | Input Validation And Information Disclosure vulnerability in Comersus BackOffice Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. network comersus-open-technologies | 4.3 |
| 2005-10-23 | CVE-2005-3285 | Cross-Site Scripting vulnerability in Comersus BackOffice Plus Cross-site scripting (XSS) vulnerability in comersus_backoffice_searchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbitrary web script or HTML via the (1) forwardTo1, (2) forwardTo2, (3) nameFT1, or (4) nameFT2 parameters. network comersus-open-technologies | 4.3 |
| 2005-07-11 | CVE-2005-2191 | Input Validation And Information Disclosure vulnerability in Comersus BackOffice Multiple cross-site scripting (XSS) vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to comersus_backoffice_listAssignedPricesToCustomer.asp or (2) message parameter to comersus_backoffice_message.asp. network comersus-open-technologies | 4.3 |
| 2005-07-11 | CVE-2005-2190 | SQL-Injection vulnerability in Comersus Cart Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp. | 7.5 |
| 2005-05-02 | CVE-2005-1188 | Cross-Site Scripting vulnerability in Comersus Cart Comersus_Search_Item.ASP Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in Comersus 3.90 to 4.51 allows remote attackers to inject arbitrary web script or HTML via the curPage parameter. network comersus-open-technologies | 4.3 |
| 2005-05-02 | CVE-2005-1010 | HTML Injection vulnerability in Comersus Open Technologies Comersus Cart 6.0.3 Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows remote attackers to inject arbitrary web script or HTML via the account username. network comersus-open-technologies | 4.3 |
| 2005-05-02 | CVE-2005-0303 | Cross-Site Scripting vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1 Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter. network comersus-open-technologies | 4.3 |
| 2005-05-02 | CVE-2005-0302 | SQL-Injection vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1 SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header. | 7.5 |