Caupo
Products (3)
- 7 CVEs
- 7 CVEs
- 4 CVEs
Recent CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-4832 | | | 0.03 | — | 0.03 | | Dec 15, 2011 | Directory traversal vulnerability in CaupoShop Pro 2.x, CaupoShop Classic 3.01, and CaupoShop Pro 3.70 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter in a template action. |
| CVE-2008-2866 | | | 0.03 | — | 0.01 | | Jun 25, 2008 | SQL injection vulnerability in csc_article_details.php in Caupo.net CaupoShop Classic 1.3 allows remote attackers to execute arbitrary SQL commands via the saArticle[ID] parameter. |
| CVE-2007-5784 | | | 0.03 | — | 0.02 | | Nov 1, 2007 | PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. |
| CVE-2022-1909 | | | 0.00 | — | 0.01 | | May 27, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200. |
| CVE-2022-1698 | | | 0.00 | — | 0.01 | | May 12, 2022 | Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not be able to access resources/applications. |
| CVE-2022-1699 | | | 0.00 | — | 0.01 | | May 12, 2022 | Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not be able to access resources/applications. |
| CVE-2022-1347 | | | 0.00 | — | 0.01 | | Apr 13, 2022 | Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation. |
| CVE-2022-1345 | | | 0.00 | — | 0.01 | | Apr 13, 2022 | Stored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. |
| CVE-2022-1346 | | | 0.00 | — | 0.01 | | Apr 13, 2022 | Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. |
| CVE-2022-1344 | | | 0.00 | — | 0.01 | | Apr 13, 2022 | Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. |
| CVE-2002-0439 | | | 0.00 | — | 0.02 | | Jul 26, 2002 | Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and possibly CaupoShopPro, allows remote attackers to execute arbitrary Javascript and steal credit card numbers or delete items by injecting the script into new customer information fields such as the message… |