Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in CactuShop before 6.155 allow remote attackers to inject arbitrary web script or HTML via the (1) billing address or (2) shipping address.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cactushop | cactushop | 5.1 |
| cactushop | cactushop | 4.6 |
| cactushop | cactushop | 5.0 |
| cactushop | cactushop | 4 |
| cactushop | cactushop | 4.5 |
| cactushop | cactushop | 4.7 |
| cactushop | cactushop | 3 |
| cactushop | cactushop | * |
| cactushop | cactushop | 4.1 |