CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2014-3830 – TomatoCart 1.x Cross Site Scripting / SQL Injection
https://notcve.org/view.php?id=CVE-2014-3830
Cross-site scripting (XSS) vulnerability in info.php in TomatoCart 1.1.8.6.1 allows remote attackers to inject arbitrary web script or HTML via the faqs_id parameter. Vulnerabilidad de XSS en info.php en TomatoCart 1.1.8.6.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro faqs_id. TomatoCart version 1.x (latest-stable) suffers from cross site scripting and remote SQL injection vulnerabilities. • http://packetstormsecurity.com/files/127785/TomatoCart-1.x-Cross-Site-Scripting-SQL-Injection.html https://breaking.technology/advisories/CVE-2014-3830.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2014-3978 – TomatoCart 1.x - SQL Injection
https://notcve.org/view.php?id=CVE-2014-3978
SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact. Vulnerabilidad de inyección SQL en TomatoCart 1.1.8.6.1 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de los campos First Name y Last Name en un contacto del libro nuevo de direcciones. TomatoCart version 1.x (latest-stable) suffers from cross site scripting and remote SQL injection vulnerabilities. • https://www.exploit-db.com/exploits/34308 http://packetstormsecurity.com/files/127785/TomatoCart-1.x-Cross-Site-Scripting-SQL-Injection.html https://breaking.technology/advisories/CVE-2014-3978.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •