Vulnerabilities > Early Impact > Productcart > 1.6b
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-2174 | Multiple vulnerability in EarlyImpact ProductCart Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ProductCart allows remote attackers to inject arbitrary Javascript via the redirectUrl parameter. network early-impact | 4.3 |
2004-12-31 | CVE-2004-2173 | Multiple vulnerability in EarlyImpact ProductCart SQL injection vulnerability in advSearch_h.asp in EarlyImpact ProductCart allows remote attackers to execute arbitrary SQL commands via the priceUntil parameter. | 7.5 |
2003-12-31 | CVE-2003-1304 | Unspecified vulnerability in Early Impact Productcart EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information via a direct request. | 5.0 |
2003-08-18 | CVE-2003-0523 | Cross-Site Scripting vulnerability in ProductCart Cross-site scripting (XSS) vulnerability in msg.asp for certain versions of ProductCart allow remote attackers to execute arbitrary web script via the message parameter. network early-impact | 6.8 |
2003-08-18 | CVE-2003-0522 | SQL-Injection vulnerability in ProductCart Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp. | 10.0 |