Cosmoshop

cosmoshop

Vendor: Zaunz Gmbh • 2 CVEs

CVEs (2)

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

1Zaunz Gmbh

1Cosmoshop

May 6, 2026

Jan 1, 2015

N/A· v4

N/A· v3

6.8 MEDIUM· v2

Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that modify settings via a se...Show more

Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action.Show less

1Zaunz Gmbh

1Cosmoshop

May 6, 2026

Jan 1, 2015

N/A· v4

N/A· v3

4.3 MEDIUM· v2

Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO 10.05.00 allow remote attackers to inject arbitrary web script or HTML via (1) the rcopy parameter to cgi-bin/admin/rubrikadmin.cgi, (2) the typ param...Show more

Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO 10.05.00 allow remote attackers to inject arbitrary web script or HTML via (1) the rcopy parameter to cgi-bin/admin/rubrikadmin.cgi, (2) the typ parameter to cgi-bin/admin/artikeladmin.cgi, or (3) the suchbegriff parameter to cgi-bin/admin/shophilfe_suche.cgi.Show less