CVE-2010-1486

CactuShop <6.155 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in CactuShop before 6.155 allow remote attackers to inject arbitrary web script or HTML via the (1) billing address or (2) shipping address.

Exploits (1)

exploitdb WRITEUP VERIFIED
by 7Safe · text · webapps · asp
https://www.exploit-db.com/exploits/12329

Scores

EPSS 0.0044
EPSS Percentile 62.8%

Classification

CWE
CWE-79
Status published

Affected Products (10)

cactushop/cactushop < 6.1
cactushop/cactushop
cactushop/cactushop
cactushop/cactushop
cactushop/cactushop
cactushop/cactushop
cactushop/cactushop
cactushop/cactushop
cactushop/cactushop
n/a/n/a

Timeline

Published Apr 22, 2010
Tracked Since Feb 18, 2026