Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog 4.7.0 allow remote malicious users to inject arbitrary web script or HTML via (1) the query string argument to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) PRODREF parameter to ss000007.pl, or (4) hop parameter to ca000001.pl.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
actinic actinic catalog 4.7 |