Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and possibly CaupoShopPro, allows remote attackers to execute arbitrary Javascript and steal credit card numbers or delete items by injecting the script into new customer information fields such as the message field.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CaupoShop用户信息跨站脚本执行漏洞
Vulnerability Description
CaupoShop是一款基于WEB的电子购物系统,由PHP实现,使用在Linux,windows或者其他Unix系统平台上。 CaupoShop对在用户信息域中的输入过滤上存在漏洞,可导致远程攻击者利用用户信息域插入Javascript代码对其他浏览用户进行跨站脚本执行攻击。 当注册一个新的客户时,CaupoShop对用户信息域的输入没有进行过滤,攻击者可以插入恶意脚本代码,当管理员在管理域中查看客户列表的时候导致脚本代码被执行,可导致泄露用户信息,改变用户密码或者帖子等问题。 其他早期版本也应该存在此漏
CVSS Information
N/A
Vulnerability Type
N/A