Absane

#11776of 53,608
23.3Total CVSS
Vulnerabilities · 4
Medium
4
PT-2019-6990
4.3
2019-12-11
Cart66 · Cart66 Lite · CVE-2013-5978
**Name of the Vulnerable Software and Affected Versions** Cart66 Lite plugin versions prior to 1.5.1.15 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific fields, including the `Product name` and `Price description` fields, by making a request to "wp-admin/admin.php". **Recommendations** For versions prior to 1.5.1.15, update to version 1.5.1.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/admin.php" endpoint to minimize the risk of exploitation. Avoid using the `Product name` and `Price description` fields in the affected plugin until the issue is resolved.
PT-2018-4174
5.4
2018-03-20
Owncloud · Owncloud · CVE-2014-1665
**Name of the Vulnerable Software and Affected Versions** ownCloud versions prior to 6.0.1 **Description** The issue allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file, which is a cross-site scripting (XSS) vulnerability. **Recommendations** For versions prior to 6.0.1, update to version 6.0.1 or later to resolve the issue.
PT-2014-4635
6.8
2014-04-21
Cubecart · Cubecart · CVE-2014-2341
**Name of the Vulnerable Software and Affected Versions** CubeCart versions prior to 5.2.9 **Description** A session fixation issue allows remote attackers to hijack web sessions via the `PHPSESSID` parameter. **Recommendations** For versions prior to 5.2.9, update to version 5.2.9 or later to resolve the issue.
PT-2013-5899
6.8
2013-11-01
Cart66 · Cart66 Lite · CVE-2013-5977
**Name of the Vulnerable Software and Affected Versions** Cart66 Lite plugin versions prior to 1.5.1.15 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests, enabling them to create or modify products, or conduct cross-site scripting (XSS) attacks. This can be achieved via the `Product name` or `Price description` field in a product save action through a request to "wp-admin/admin.php". **Recommendations** For Cart66 Lite plugin versions prior to 1.5.1.15, update to version 1.5.1.15 or later to resolve the issue.