Description
Cross-site scripting (XSS) vulnerability in register.html in PHPShop 2.1 EE and earlier allows remote attackers to inject arbitrary web script or HTML via the name_new parameter.
Exploits (1)
References (7)
Core 7
Core References
Various Sources x_refsource_misc
http://websecurity.com.ua/4512/
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8381
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/63157
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42132
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/44763
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/514672/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/69101
Scores
EPSS
0.0066
EPSS Percentile
71.1%
Details
CWE
CWE-79
Status
published
Products (1)
phpshop/phpshop
< 2.1
Published
Sep 14, 2011
Tracked Since
Feb 18, 2026