RSS   Podatności dla 'Web+ shop'   RSS

2006-04-20
 
CVE-2006-1897

CWE-Other
 

 
Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other invalid value in the storeid parameter in store.wml in webplus.exe, which reveals the path in a "Script Not Found" error message.

 
2006-04-10
 
CVE-2006-1682

 

 
Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft Web+Shop 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the deptname parameter, possibly involving the webpshop/ department.wml script.

 

 >>> Vendor: Talentsoft 3 Produkty
WEB+
Web+ server
Web+ shop


Copyright 2024, cxsecurity.com

 

Back to Top