VYPR
Unrated severityNVD Advisory· Published Jan 20, 2011· Updated Jun 16, 2026

CVE-2011-0504

CVE-2011-0504

Description

Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions llow remote attackers to inject arbitrary web script or HTML via the (1) status parameter to admin/orders.php, (2) search parameter to admin/customers.php, or (3) STORE_NAME parameter to admin/configuration.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Joomla/Vam Shop2 versions
    cpe:2.3:a:vamshop:vam_shop:1.6:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:vamshop:vam_shop:1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:vamshop:vam_shop:1.6.1:*:*:*:*:*:*:*
  • VAM/Shopllm-create
    Range: <=1.6.1

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.