Vulnerabilities > Devellion > Cubecart > 3.0.7

DATE CVE VULNERABILITY TITLE RISK
2006-08-21 CVE-2006-4268 Input Validation vulnerability in CubeCart
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php.
network
devellion
6.8
2006-08-21 CVE-2006-4267 Input Validation vulnerability in CubeCart
Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php.
network
low complexity
devellion
7.5