CVE-2002-0439

Published Jul 26, 2002

Last updated 16 years ago

Overview

Description: Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and possibly CaupoShopPro, allows remote attackers to execute arbitrary Javascript and steal credit card numbers or delete items by injecting the script into new customer information fields such as the message field.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:caupo.net:cauposhop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4D55637-B238-40B1-856A-C571E2958D16",
            "versionEndIncluding": "1.30a"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References