Comersus Open Technologies : Security vulnerabilities, CVEs published in 2004

Copy

CVE-2004-1656

CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the redirecturl parameter.

Max CVSS

5.0

EPSS Score

1.72%

Published

2004-09-01

Updated

2017-07-11

CVE-2004-0682

comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL.

Max CVSS

7.5

EPSS Score

4.53%

Published

2004-08-06

Updated

2017-07-11

CVE-2004-0681

Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_customerAuthenticateForm.asp, (2) comersus_backoffice_message.asp, (3) comersus_supportError.asp, or (4) comersus_message.asp in Comersus Cart 5.09 allow remote attackers to execute web script as other users via the message parameter.

Max CVSS

6.8

EPSS Score

0.49%

Published

2004-08-06

Updated

2017-07-11

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!