VYPR
Vendor

Caupo

Products
3
CVEs
11
Across products
18
Status
Private

Products

3

Recent CVEs

11
  • CVE-2011-4832Dec 15, 2011
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in CaupoShop Pro 2.x, CaupoShop Classic 3.01, and CaupoShop Pro 3.70 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter in a template action.

  • CVE-2008-2866Jun 25, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in csc_article_details.php in Caupo.net CaupoShop Classic 1.3 allows remote attackers to execute arbitrary SQL commands via the saArticle[ID] parameter.

  • CVE-2007-5784Nov 1, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.

  • CVE-2022-1909May 27, 2022
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200.

  • CVE-2022-1698May 12, 2022
    risk 0.00cvss epss 0.01

    Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.

  • CVE-2022-1699May 12, 2022
    risk 0.00cvss epss 0.01

    Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.

  • CVE-2022-1347Apr 13, 2022
    risk 0.00cvss epss 0.01

    Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation

  • CVE-2022-1345Apr 13, 2022
    risk 0.00cvss epss 0.01

    Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.

  • CVE-2022-1346Apr 13, 2022
    risk 0.00cvss epss 0.01

    Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.

  • CVE-2022-1344Apr 13, 2022
    risk 0.00cvss epss 0.01

    Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.

  • CVE-2002-0439Jul 26, 2002
    risk 0.00cvss epss 0.02

    Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and possibly CaupoShopPro, allows remote attackers to execute arbitrary Javascript and steal credit card numbers or delete items by injecting the script into new customer information fields such as the message…