MidnightBSD

Advisories for kryptronic

CVE-2002-2310 MEDIUM

ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
kryptronic clickcartpro 4.0
CVE-2005-4293 MEDIUM

Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro (CCP) 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the affl parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kryptronic clickcartpro 4.0
kryptronic clickcartpro 5.1
kryptronic clickcartpro 3.3
kryptronic clickcartpro 3.6
kryptronic clickcartpro 3.1
kryptronic clickcartpro 5.0
kryptronic clickcartpro 3.0
kryptronic clickcartpro 3.2
kryptronic clickcartpro 3.5
kryptronic clickcartpro 2.0
kryptronic clickcartpro 3.4
kryptronic clickcartpro 1.0