CVE-2011-0504
20.01.2011, 19:00
Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions llow remote attackers to inject arbitrary web script or HTML via the (1) status parameter to admin/orders.php, (2) search parameter to admin/customers.php, or (3) STORE_NAME parameter to admin/configuration.php.
| Vendor | Product | Version |
|---|---|---|
| vamshop | vam_shop | 1.6 |
| vamshop | vam_shop | 1.6.1 |
𝑥
= Vulnerable software versions
References