Vulnerabilities > Devellion > Cubecart > 3.0.7.pl1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-21 | CVE-2006-4268 | Input Validation vulnerability in CubeCart Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php. network devellion | 6.8 |
2006-08-21 | CVE-2006-4267 | Input Validation vulnerability in CubeCart Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php. | 7.5 |
2006-01-18 | CVE-2006-0245 | Cross-Site Scripting vulnerability in Devellion Cubecart 3.0.7Pl1 Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action in index.php. network devellion | 4.3 |
2005-10-05 | CVE-2005-3152 | Cross-Site Scripting vulnerability in Devellion Cubecart 3.0.3/3.0.7Pl1 Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. network devellion | 4.3 |