Vulnerabilities (CVE)

Filtered by vendor Comersus Open Technologies Subscribe
Total 14 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-3323 1 Comersus Open Technologies 1 Comersus Cart 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter. NOTE: this might be the same as CVE-2005-2190.2.
CVE-2007-3324 1 Comersus Open Technologies 1 Comersus Cart 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vectors than CVE-2004-0681.
CVE-2005-1010 1 Comersus Open Technologies 1 Comersus Cart 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows remote attackers to inject arbitrary web script or HTML via the account username.
CVE-2005-0302 1 Comersus Open Technologies 1 Comersus Backoffice Lite 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header.
CVE-2005-3285 1 Comersus Open Technologies 1 Comersus Backoffice Plus 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in comersus_backoffice_searchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbitrary web script or HTML via the (1) forwardTo1, (2) forwardTo2, (3) nameFT1, or (4) nameFT2 parameters.
CVE-2005-2191 1 Comersus Open Technologies 1 Comersus Cart 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to comersus_backoffice_listAssignedPricesToCustomer.asp or (2) message parameter to comersus_backoffice_message.asp.
CVE-2005-3397 1 Comersus Open Technologies 2 Comersus Backoffice Lite, Comersus Backoffice Plus 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE-2005-2191 item 2.
CVE-2005-0301 1 Comersus Open Technologies 1 Comersus Backoffice Lite 2024-02-28 7.5 HIGH N/A
comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program.
CVE-2005-1188 1 Comersus Open Technologies 1 Comersus Cart 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in Comersus 3.90 to 4.51 allows remote attackers to inject arbitrary web script or HTML via the curPage parameter.
CVE-2005-0303 1 Comersus Open Technologies 1 Comersus Backoffice Lite 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter.
CVE-2005-2190 1 Comersus Open Technologies 1 Comersus Cart 2024-02-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp.
CVE-2004-1656 1 Comersus Open Technologies 1 Comersus Cart 2024-02-28 5.0 MEDIUM N/A
CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the redirecturl parameter.
CVE-2004-0682 1 Comersus Open Technologies 1 Comersus Cart 2024-02-28 7.5 HIGH N/A
comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL.
CVE-2004-0681 1 Comersus Open Technologies 1 Comersus Cart 2024-02-28 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_customerAuthenticateForm.asp, (2) comersus_backoffice_message.asp, (3) comersus_supportError.asp, or (4) comersus_message.asp in Comersus Cart 5.09 allow remote attackers to execute web script as other users via the message parameter.