Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions llow remote malicious users to inject arbitrary web script or HTML via the (1) status parameter to admin/orders.php, (2) search parameter to admin/customers.php, or (3) STORE_NAME parameter to admin/configuration.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vamshop vam shop 1.6.1 |
||
vamshop vam shop 1.6 |