Vulnerabilities > Cpcommerce > Cpcommerce > 0.5f
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-10-21 | CVE-2008-4637 | Cross-Site Scripting vulnerability in Cpcommerce Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. | 4.3 |
| 2008-10-21 | CVE-2008-4121 | Cross-Site Scripting vulnerability in Cpcommerce Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to sendtofriend.php. | 4.3 |