Vulnerabilities > Virtual Programming > VP ASP > 4.50
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2413 | SQL Injection vulnerability in Virtual Programming VP-ASP Shopproductselect Script SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 allows remote attackers to execute arbitrary SQL commands via the (1) Processed0 and (2) Processed1 parameters in a POST request to shopproductselect.asp. | 7.5 |
| 2004-12-31 | CVE-2004-2412 | SQL Injection vulnerability in Virtual Programming VP-ASP Shopping Cart CatalogID Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp. | 7.5 |
| 2004-12-31 | CVE-2004-2411 | Cross-Site Scripting vulnerability in Virtual Programming VP-ASP Shopping Cart Shop$DB.Asp 4.0/4.50/5.0 The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not sufficiently cleanse inputs, which allows remote attackers to conduct cross-site scripting (XSS) attacks that do not use <script> tags, as demonstrated via javascript in IMG tags to (1) the cat parameter in shopdisplayproducts.asp or (2) the msg parameter in shoperror.asp, and possibly other vectors. network virtual-programming | 4.3 |