CVEDB API

Vulnerabilities

Vulnerable Software

Dragonfrugal: Security Vulnerabilities

CVE-2010-1541

Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, 1.197, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category and (2) list_quantity parameters to index.php, and the (3) category parameter to your.order.php.

CVSS Score

4.3

EPSS Score

0.003

Published

2010-04-26

CVE-2010-1542

Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198, 1.197, and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks or (2) change unspecified settings.

CVSS Score

6.8

EPSS Score

0.001

Published

2010-04-26

CVE-2007-5136

Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS Score

4.3

EPSS Score

0.003

Published

2007-09-28

CVE-2007-5098

Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the set_depth parameter to (1) app.lib/product.control/core.php/product.control.config.php, or (2) customer.browse.list.php or (3) customer.browse.search.php in app.lib/product.control/core.php/customer.area/.

CVSS Score

6.8

EPSS Score

0.374

Published

2007-09-26

Page 1

Vulnerabilities

Vulnerable Software

Dragonfrugal: Security Vulnerabilities

Products

Pricing

Contact Us