Vulnerabilities (CVE)

Filtered by vendor Icdevgroup Subscribe
Filtered by product Interchange
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-6945 1 Icdevgroup 1 Interchange 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value specifier when used in the UserTag feature.
CVE-2008-2424 1 Icdevgroup 1 Interchange 2024-11-21 10.0 HIGH N/A
Unspecified vulnerability in the 404 error page for the "Standard demo" in Interchange before 5.6.0 and before 5.5.2 has unknown impact and attack vectors.