Talentsoft » Web+ Shop : Security Vulnerabilities, CVEs,
Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other invalid value in the storeid parameter in store.wml in webplus.exe, which reveals the path in a "Script Not Found" error message.
Max CVSS
5.0
EPSS Score
0.91%
Published
2006-04-20
Updated
2018-10-18
Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft Web+Shop 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the deptname parameter, possibly involving the webpshop/ department.wml script.
Max CVSS
4.3
EPSS Score
0.79%
Published
2006-04-11
Updated
2017-07-20
2 vulnerabilities found