CVEDB API

Vulnerabilities

Vulnerable Software

Xt-Commerce: >> Xt-Commerce >> 2.0 Security Vulnerabilities

CVE-2008-6304

SQL injection vulnerability in xt:Commerce before 3.0.4 Sp2.1, when magic_quotes_gpc is enabled and the SEO URLs are activated, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS Score

6.8

EPSS Score

0.005

Published

2009-02-26

CVE-2008-6044

Cross-site scripting (XSS) vulnerability in advanced_search_result.php in xt:Commerce 3.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.

CVSS Score

4.3

EPSS Score

0.004

Published

2009-02-03

CVE-2008-6045

Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter.

CVSS Score

6.8

EPSS Score

0.013

Published

2009-02-03

CVE-2007-1126

Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.

CVSS Score

5.0

EPSS Score

0.06

Published

2007-02-27

Page 1

Vulnerabilities

Vulnerable Software

Xt-Commerce: >> Xt-Commerce >> 2.0 Security Vulnerabilities

Products

Pricing

Contact Us