Ecw Shop
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-2622 | 0.00 | — | 0.00 | Aug 19, 2005 | Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 6.0.2 allows remote attackers to inject arbitrary web script or HTML via the (1) max or (2) ctg parameter. | |||
| CVE-2005-2621 | 0.00 | — | 0.00 | Aug 19, 2005 | index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitive information via the (1) min or (2) max parameter with a "'" (single quote), which reveals the path in an error message, possibly due to a SQL injection vulnerability. | |||
| CVE-2005-2623 | 0.00 | — | 0.00 | Aug 19, 2005 | ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of their shopping cart by specifying a negative quantity for an item, which causes the price of the item to be subtracted from the total cost. | |||
| CVE-2003-1231 | 0.00 | — | 0.01 | Dec 31, 2003 | Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. |
- CVE-2005-2622Aug 19, 2005risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 6.0.2 allows remote attackers to inject arbitrary web script or HTML via the (1) max or (2) ctg parameter.
- CVE-2005-2621Aug 19, 2005risk 0.00cvss —epss 0.00
index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitive information via the (1) min or (2) max parameter with a "'" (single quote), which reveals the path in an error message, possibly due to a SQL injection vulnerability.
- CVE-2005-2623Aug 19, 2005risk 0.00cvss —epss 0.00
ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of their shopping cart by specifying a negative quantity for an item, which causes the price of the item to be subtracted from the total cost.
- CVE-2003-1231Dec 31, 2003risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.