Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3323 | 1 Comersus Open Technologies | 1 Comersus Cart | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter. NOTE: this might be the same as CVE-2005-2190.2. | |||||
| CVE-2007-3324 | 1 Comersus Open Technologies | 1 Comersus Cart | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vectors than CVE-2004-0681. | |||||
| CVE-2005-1188 | 1 Comersus Open Technologies | 1 Comersus Cart | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in Comersus 3.90 to 4.51 allows remote attackers to inject arbitrary web script or HTML via the curPage parameter. | |||||
| CVE-2005-1010 | 1 Comersus Open Technologies | 1 Comersus Cart | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows remote attackers to inject arbitrary web script or HTML via the account username. | |||||
| CVE-2004-1656 | 1 Comersus Open Technologies | 1 Comersus Cart | 2017-07-10 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the redirecturl parameter. | |||||
| CVE-2004-0681 | 1 Comersus Open Technologies | 1 Comersus Cart | 2017-07-10 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_customerAuthenticateForm.asp, (2) comersus_backoffice_message.asp, (3) comersus_supportError.asp, or (4) comersus_message.asp in Comersus Cart 5.09 allow remote attackers to execute web script as other users via the message parameter. | |||||
| CVE-2004-0682 | 1 Comersus Open Technologies | 1 Comersus Cart | 2017-07-10 | 7.5 HIGH | N/A |
| comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL. | |||||
| CVE-2005-2190 | 1 Comersus Open Technologies | 1 Comersus Cart | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp. | |||||
| CVE-2005-2191 | 1 Comersus Open Technologies | 1 Comersus Cart | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to comersus_backoffice_listAssignedPricesToCustomer.asp or (2) message parameter to comersus_backoffice_message.asp. | |||||