Kryptronic: Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro (CCP) 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the affl parameter.
CVSS Score
4.3
EPSS Score
0.007
Published
2005-12-16
ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
CVSS Score
5.0
EPSS Score
0.003
Published
2002-12-31