CVE-2008-6969
Pentasoft Corp. Avactis Shopping Cart - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in Avactis Shopping Cart 1.8.0 and 1.8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) step_id and (2) CHECKOUT_CZ_BLOWFISH_KEY parameters.
References (6)
Scores
EPSS
0.0047
EPSS Percentile
64.5%
Classification
CWE
CWE-79
Status
published
Affected Products (3)
pentasoft_corp./avactis_shopping_cart
pentasoft_corp./avactis_shopping_cart
n/a/n/a
Timeline
Published
Aug 13, 2009
Tracked Since
Feb 18, 2026