CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-6969

Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in Avactis Shopping Cart 1.8.0 and 1.8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) step_id and (2) CHECKOUT_CZ_BLOWFISH_KEY parameters.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.9%

CVSS Severity

CVSS v2 Score 4.3

References

http://holisticinfosec.org/content/view/81/45/
http://osvdb.org/47946
http://secunia.com/advisories/31768
http://www.avactis.com/forums/index.php?showtopic=3577
http://www.securityfocus.com/bid/31054
https://exchange.xforce.ibmcloud.com/vulnerabilities/44929
http://holisticinfosec.org/content/view/81/45/
http://osvdb.org/47946
http://secunia.com/advisories/31768
http://www.avactis.com/forums/index.php?showtopic=3577
http://www.securityfocus.com/bid/31054
https://exchange.xforce.ibmcloud.com/vulnerabilities/44929

Products affected by CVE-2008-6969

Pentasoft Corp. » Avactis Shopping Cart » Version: 1.8.0

cpe:2.3:a:pentasoft_corp.:avactis_shopping_cart:1.8.0
Pentasoft Corp. » Avactis Shopping Cart » Version: 1.8.1

cpe:2.3:a:pentasoft_corp.:avactis_shopping_cart:1.8.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-6969

Products

Pricing

Contact Us