Vulnerabilities > Cpcommerce > Cpcommerce > 1.0.7.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-10-21 | CVE-2008-4637 | Cross-Site Scripting vulnerability in Cpcommerce Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. | 4.3 |
2008-10-21 | CVE-2008-4121 | Cross-Site Scripting vulnerability in Cpcommerce Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to sendtofriend.php. | 4.3 |
2007-05-31 | CVE-2007-2959 | SQL Injection vulnerability in CPCommerce Manufacturer.PHP SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter. | 7.5 |