Vulnerabilities > Comersus Open Technologies > Comersus Cart > 7.07
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-06-21 | CVE-2007-3324 | Cross-Site Scripting vulnerability in Comersus Open Technologies Comersus Cart 7.07 Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vectors than CVE-2004-0681. network comersus-open-technologies | 4.3 |
2007-06-21 | CVE-2007-3323 | Input Validation vulnerability in Comersus Open Technologies Comersus Cart 7.07 SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter. | 7.5 |