Talentsoft: >> Web+ Shop Security Vulnerabilities
Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other invalid value in the storeid parameter in store.wml in webplus.exe, which reveals the path in a "Script Not Found" error message.
CVSS Score
5.0
EPSS Score
0.005
Published
2006-04-20
Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft Web+Shop 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the deptname parameter, possibly involving the webpshop/ department.wml script.
CVSS Score
4.3
EPSS Score
0.005
Published
2006-04-11