CVE-2002-0439

Name of the Vulnerable Software and Affected Versions CaupoShop versions 1.30a and earlier CaupoShopPro (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary Javascript, potentially leading to the theft of credit card numbers or deletion of items. This is achieved by injecting a script into new customer information fields, such as the message field.

Recommendations For CaupoShop versions 1.30a and earlier, update to a version later than 1.30a to resolve the issue. For CaupoShopPro, at the moment, there is no information about a newer version that contains a fix for this vulnerability.