ID |
CVE-2002-0439
|
Summary |
Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and possibly CaupoShopPro, allows remote attackers to execute arbitrary Javascript and steal credit card numbers or delete items by injecting the script into new customer information fields such as the message field. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 7.5 (as of 05-09-2008 - 20:28) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
refmap
via4
|
bid | 4270 | bugtraq | 20020311 CaupoShop: cross-site-scripting bug | xf | cauposhop-user-info-css(8431) |
|
Last major update |
05-09-2008 - 20:28 |
Published |
26-07-2002 - 04:00 |
Last modified |
05-09-2008 - 20:28 |