Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions llow remote attackers to inject arbitrary web script or HTML via the (1) status parameter to admin/orders.php, (2) search parameter to admin/customers.php, or (3) STORE_NAME parameter to admin/configuration.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vamshop | Vam Shop | 1.6 |
Related Weaknesses (CWE)
References
- http://osvdb.org/70429Exploit
- http://osvdb.org/70430
- http://secunia.com/advisories/42869Vendor Advisory
- http://www.exploit-db.com/exploits/15968Exploit
- http://www.htbridge.ch/advisory/xss_vulnerability_in_vam_shop.htmlExploit
- http://www.htbridge.ch/advisory/xss_vulnerability_in_vam_shop_1.htmlExploit
- http://www.htbridge.ch/advisory/xss_vulnerability_in_vam_shop_2.htmlExploit
- http://www.securityfocus.com/archive/1/515615/100/0/threadedExploit
- http://www.securityfocus.com/archive/1/515619/100/0/threadedExploit
- http://www.securityfocus.com/archive/1/515620/100/0/threaded
- http://osvdb.org/70429Exploit
- http://osvdb.org/70430
- http://secunia.com/advisories/42869Vendor Advisory
- http://www.exploit-db.com/exploits/15968Exploit
- http://www.htbridge.ch/advisory/xss_vulnerability_in_vam_shop.htmlExploit
FAQ
What is CVE-2011-0504?
CVE-2011-0504 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions llow remote attackers to inject arbitrary web script or HTML via the (1) status parameter to a...
How severe is CVE-2011-0504?
CVE-2011-0504 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-0504?
Check the references section above for vendor advisories and patch information. Affected products include: Vamshop Vam Shop.