Vulnerabilities (CVE)

Filtered by vendor Obie Website Subscribe
Filtered by product Mini Web Shop
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-6734 1 Obie Website 1 Mini Web Shop 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to inject arbitrary web script or HTML via the catname parameter.
CVE-2006-6735 1 Obie Website 1 Mini Web Shop 2024-02-28 5.0 MEDIUM N/A
modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message. NOTE: CVE analysis suggests that this error might be resultant from a more serious issue such as directory traversal.
CVE-2007-2532 1 Obie Website 1 Mini Web Shop 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than CVE-2006-6734.