B3G0K

**Name of the Vulnerable Software and Affected Versions** CyberShop Ultimate E-commerce (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `ortak` or `kat` parameter in the default.asp file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MarmaraWeb E-commerce (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary code via the `page` parameter to "index.php" API endpoint. This enables attackers to potentially gain control over the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MarmaraWeb E-commerce (affected versions not specified) **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `page` parameter to "index.php". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Alisveristr E-commerce (affected versions not specified) **Description** The issue concerns multiple SQL injection vulnerabilities that allow remote attackers to bypass authentication and possibly execute arbitrary SQL commands. This is achieved via the `username` and `password` parameters in two locations: the user login and the administrator login pages. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.