Vulnerabilities > Devellion > Cubecart > 3.0.7.pl1

DATE CVE VULNERABILITY TITLE RISK
2006-08-21 CVE-2006-4268 Input Validation vulnerability in CubeCart
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php.
network
devellion
6.8
2006-08-21 CVE-2006-4267 Input Validation vulnerability in CubeCart
Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php.
network
low complexity
devellion
7.5
2006-01-18 CVE-2006-0245 Cross-Site Scripting vulnerability in Devellion Cubecart 3.0.7Pl1
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action in index.php.
network
devellion
4.3
2005-10-05 CVE-2005-3152 Cross-Site Scripting vulnerability in Devellion Cubecart 3.0.3/3.0.7Pl1
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php.
network
devellion
4.3