VYPR

Vam Shop

by Joomla

CVEs (2)

  • CVE-2011-0504Jan 20, 2011
    risk 0.03cvss epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions llow remote attackers to inject arbitrary web script or HTML via the (1) status parameter to admin/orders.php, (2) search parameter to admin/customers.php, or (3) STORE_NAME…

  • CVE-2011-0503Jan 20, 2011
    risk 0.03cvss epss 0.02

    Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that (1) change user status via admin/customers.php or (2) change user permissions via…