Vulnerabilities > Qualiteam > X Cart > 3.4.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-06 | CVE-2019-7220 | Cross-site Scripting vulnerability in Qualiteam X-Cart X-Cart V5 is vulnerable to XSS via the CategoryFilter2 parameter. | 4.3 |
| 2015-07-08 | CVE-2015-5455 | Cross-site Scripting vulnerability in Qualiteam X-Cart Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to install/. | 4.3 |
| 2015-04-05 | CVE-2015-0951 | Permissions, Privileges, and Access Controls vulnerability in Qualiteam X-Cart X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request. | 6.5 |
| 2015-01-26 | CVE-2015-1178 | Cross-site Scripting vulnerability in Qualiteam X-Cart Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) product_id or (2) category_id parameter. | 4.3 |
| 2006-09-21 | CVE-2006-4904 | Unspecified vulnerability in Qualiteam X-Cart Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter. | 7.5 |
| 2004-11-23 | CVE-2004-0242 | Remote Information Disclosure vulnerability in Qualiteam X-Cart X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command. | 5.0 |
| 2004-11-23 | CVE-2004-0241 | Remote Command Execution vulnerability in Qualiteam X-Cart X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php. | 10.0 |
| 2004-11-23 | CVE-2004-0240 | Directory Traversal vulnerability in X-Cart Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. | 5.0 |