Vulnerabilities > Itechscripts > Proman Xpress

DATE CVE VULNERABILITY TITLE RISK
2012-08-13 CVE-2012-4266 Cross-Site Scripting vulnerability in Itechscripts Proman Xpress 5.0.1
Cross-site scripting (XSS) vulnerability in client_details.php in Proman Xpress 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the cl_comments parameter. 		4.3
4.3
2012-08-13 CVE-2012-4265 SQL Injection vulnerability in Itechscripts Proman Xpress 5.0.1
SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
network
low complexity
itechscripts CWE-89
7.5
7.5