CandyPress Store ProdList.ASP Multiple Cross Site Scripting Vulnerabilities

CandyPress Store ProdList.ASP Multiple Cross Site Scripting Vulnerabilities

CandyPress Store is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.

CandyPress Store 3.5.2.14 is vulnerable to these issues; other versions may also be affected.