BestShopPro 'str' Parameter Cross Site Scripting And SQL Injection Vulnerabilities Network Vulnerability

Summary

BestShopPro is prone to cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user- supplied data. Exploiting these issues could allow an attacker to steal cookie- based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

References

http://www.bst.pl/
http://www.securityfocus.com/bid/50490

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Fisheye Multiple Vulnerabilities
OTRS Rich-text-editor XSS Vulnerability
netjukebox 'skin' Parameter Cross Site Scripting Vulnerability
RemotelyAnywhere Cross Site Scripting
allocPSA 'login/login.php' Cross Site Scripting Vulnerability

BestShopPro 'str' Parameter Cross Site Scripting and SQL Injection Vulnerabilities

Take action and discover your vulnerabilities