Required CVE Record Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and earlier, 4.7.x before 4.7.11, and 4.8.x before 4.8.4, and Enterprise Edition 4.6.8 and earlier, 5.0.x before 5.0.11 and 5.1.x before 5.1.4 allow remote attackers to inject arbitrary web script or HTML via the searchtag parameter to the getTag function in (1) application/controllers/details.php or (2) application/controllers/tag.php.
References 2 Total
- http://wiki.oxidforge.org/Security_bulletins/2014-001
- secunia.com: 57438 third-party-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 2 Total
- http://wiki.oxidforge.org/Security_bulletins/2014-001 x_transferred
- secunia.com: 57438 third-party-advisoryx_transferred