Vulnerabilities > Devellion > Cubecart > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0606 | Cross-Site Scripting vulnerability in CubeCart Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters. network devellion | 4.3 |
| 2005-05-02 | CVE-2005-0443 | Multiple vulnerability in Brooky Cubecart 2.0.1/2.0.4 index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message. network devellion | 4.3 |
| 2005-05-02 | CVE-2005-0442 | Multiple vulnerability in Brooky Cubecart 2.0.1/2.0.4 Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language parameter. | 5.0 |
| 2004-12-31 | CVE-2004-1579 | Information Disclosure vulnerability in Devellion Cubecart 2.0.1 index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message. | 5.0 |