Cpcommerce » Cpcommerce : Security Vulnerabilities, CVEs, Published In 2008 (XSS)
Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121.
Max CVSS
4.3
EPSS Score
0.13%
Published
2008-10-21
Updated
2017-08-08
Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to sendtofriend.php.
Max CVSS
4.3
EPSS Score
0.41%
Published
2008-10-21
Updated
2018-10-11
Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a view.year action.
Max CVSS
4.3
EPSS Score
0.38%
Published
2008-04-22
Updated
2017-09-29
3 vulnerabilities found