BestShopPro is prone to cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user- supplied data. Exploiting these issues could allow an attacker to steal cookie- based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
- Bugzilla 'localconfig' Information Disclosure Vulnerability
- Firefox Information Disclosure Vulnerability Jan09 (Linux)
- phpMyFAQ 'index.php' Cross Site Scripting Vulnerability
- phpWebSite 'local' Parameter Cross Site Scripting Vulnerability
- Nagios XI 'users.php' Multiple Cross-Site Scripting Vulnerabilities