Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2008-1906

Published: 22/04/2008 Updated: 29/09/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce 1.1.0 allows remote malicious users to inject arbitrary web script or HTML via the year parameter in a view.year action.

Vulnerable Product Search on Vulmon Subscribe to Product

cpcommerce cpcommerce 1.1.0

Exploits

Exploit DB: CPCommerce 1.1.0 - Cross-Site Scripting / Local File Inclusion
########################## wwwBugReportir ######################### # # AmnPardaz Security Research Team # # Title: cpCommerce Multiple Vulnerabilities # Vendor: cpcommercecpradioorg # Bugs: XSS, SQL Injection , Local File Inclusion # Vulnerable Version: 110 (prior versions also may be affected) # Exploitation: Remote with browser ...

References

CWE-79http://bugreport.ir/index.php?/34http://www.securityfocus.com/bid/28755http://secunia.com/advisories/29807http://www.vupen.com/english/advisories/2008/1213/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/41780https://www.exploit-db.com/exploits/5437https://nvd.nist.govhttps://www.exploit-db.com/exploits/5437/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-33545CVE-2024-35725CVE-2024-32704overflowfile uploadCVE-2024-0230CVE-2024-32705CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook