CVE-2004-0681
Published 2004-08-06
Priority: P422 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.04% (78.8th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_customerAuthenticateForm.asp, (2) comersus_backoffice_message.asp, (3) comersus_supportError.asp, or (4) comersus_message.asp in Comersus Cart 5.09 allow remote attackers to execute web script as other users via the message parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| comersus_open_technologies | comersus_cart | — | — |
| comersus_open_technologies | comersus_cart | — | — |
GHSA
GHSA-fcg2-3xr7-ff6g: Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7
ghsa_unreviewed·2022-05-01·CVSS 6.8
CVE-2007-3324 [MEDIUM] GHSA-fcg2-3xr7-ff6g: Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7
Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vectors than CVE-2004-0681.
GHSA
GHSA-j2m8-jf3j-3grm: Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_customerAuthenticateForm
ghsa_unreviewed·2022-04-29
CVE-2004-0681 [MEDIUM] GHSA-j2m8-jf3j-3grm: Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_customerAuthenticateForm
Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_customerAuthenticateForm.asp, (2) comersus_backoffice_message.asp, (3) comersus_supportError.asp, or (4) comersus_message.asp in Comersus Cart 5.09 allow remote attackers to execute web script as other users via the message parameter.
No detection rules found.
No writeups or analysis indexed.