Vulnerabilities > Comersus Open Technologies > Comersus Cart > 7.07

DATE	CVE	VULNERABILITY TITLE	RISK
2007-06-21	CVE-2007-3324	Cross-Site Scripting vulnerability in Comersus Open Technologies Comersus Cart 7.07 Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vectors than CVE-2004-0681. network comersus-open-technologies	4.3
2007-06-21	CVE-2007-3323	Input Validation vulnerability in Comersus Open Technologies Comersus Cart 7.07 SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter. network low complexity comersus-open-technologies	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.