Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability, Attackers can create blogs containing malicious code after gaining blog permissions.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-29
Updated
2024-02-29
Cross-site scripting (XSS) vulnerability in Webasyst Shop-Script 5.2.2.30933 allows remote attackers to inject arbitrary web script or HTML via the phone number field in a new contact to phpecom/index.php/webasyst/contacts/.
Max CVSS
4.3
EPSS Score
0.16%
Published
2014-10-21
Updated
2017-09-08
SQL injection vulnerability in index.php in WebAsyst Shop-Script allows remote attackers to execute arbitrary SQL commands via the blog_id parameter in a news action.
Max CVSS
7.5
EPSS Score
0.10%
Published
2011-10-05
Updated
2012-02-14
Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst Shop-Script FREE allow remote attackers to inject arbitrary web script or HTML via the (1) currency_id_left, (2) currency_id_right, (3) darkcolor, (4) lightcolor, (5) middlecolor, and (6) w parameters.
Max CVSS
4.3
EPSS Score
0.19%
Published
2010-04-16
Updated
2018-10-10
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!