CVE-2007-2804 in CandyPress Storeinfo

Summary

Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) brand and (2) Msg parameters.

Once again VulDB remains the best source for vulnerability data.

Reservation

05/22/2007

Disclosure

05/22/2007

CPE

ready

CVSS

4.3

EPSS

0.00507

Activities

Very Low

Sources

MITREhttps://www.cve.org/CVERecord?id=CVE-2007-2804
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2007-2804
CVE Detailshttps://www.cvedetails.com/cve/CVE-2007-2804/

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!