Interchange
CVEs (7)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2004-0374 | 0.04 | — | 0.08 | May 4, 2004 | Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "__SQLUSER__" string. | ||
| CVE-2008-6945 | 0.00 | — | 0.01 | Aug 12, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value specifier when used in the UserTag feature. | ||
| CVE-2008-2423 | 0.00 | — | 0.04 | May 23, 2008 | Unspecified vulnerability in Interchange before 5.6.0 and before 5.5.2 allows remote attackers to cause a denial of service via crafted HTTP requests. NOTE: this might overlap CVE-2007-2635. | ||
| CVE-2008-2424 | 0.00 | — | 0.00 | May 23, 2008 | Unspecified vulnerability in the 404 error page for the "Standard demo" in Interchange before 5.6.0 and before 5.5.2 has unknown impact and attack vectors. | ||
| CVE-2007-2635 | 0.00 | — | 0.02 | May 13, 2007 | Unspecified vulnerability in Interchange before 5.4.2 allows remote attackers to cause an unspecified denial of service (possibly server hang) via crafted HTTP requests. | ||
| CVE-2005-3072 | 0.00 | — | 0.01 | Sep 27, 2005 | SQL injection vulnerability in pages/forum/submit.html in Interchange 4.9.3 up to 5.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||
| CVE-2005-3073 | 0.00 | — | 0.01 | Sep 27, 2005 | Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, 5.0 before 5.0.2, and 5.2, when a catalog has been created using the (1) "mike", (2) "standard", or (3) "foundation" demo, allows attackers to inject Interchange Tag Language (ITL) elements into the forum/submit.html page. |
- CVE-2004-0374May 4, 2004risk 0.04cvss —epss 0.08
Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "__SQLUSER__" string.
- CVE-2008-6945Aug 12, 2009risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value specifier when used in the UserTag feature.
- CVE-2008-2423May 23, 2008risk 0.00cvss —epss 0.04
Unspecified vulnerability in Interchange before 5.6.0 and before 5.5.2 allows remote attackers to cause a denial of service via crafted HTTP requests. NOTE: this might overlap CVE-2007-2635.
- CVE-2008-2424May 23, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the 404 error page for the "Standard demo" in Interchange before 5.6.0 and before 5.5.2 has unknown impact and attack vectors.
- CVE-2007-2635May 13, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in Interchange before 5.4.2 allows remote attackers to cause an unspecified denial of service (possibly server hang) via crafted HTTP requests.
- CVE-2005-3072Sep 27, 2005risk 0.00cvss —epss 0.01
SQL injection vulnerability in pages/forum/submit.html in Interchange 4.9.3 up to 5.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
- CVE-2005-3073Sep 27, 2005risk 0.00cvss —epss 0.01
Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, 5.0 before 5.0.2, and 5.2, when a catalog has been created using the (1) "mike", (2) "standard", or (3) "foundation" demo, allows attackers to inject Interchange Tag Language (ITL) elements into the forum/submit.html page.