Summary
This host has AbanteCart installed and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation allows an attacker to execute arbitrary HTML and script code in a user's browser session in the context of the affected site.
Impact Level: Application
Solution
Upgrade to version 1.1.4 or later.
For updates, refer to http://www.abantecart.com
Insight
Input passed via the 'limit', 'page', 'rt', 'sort', 'currency', 'product_id', 'language', 's', 'manufacturer_id', and 'token' GET parameters to index.php is not properly sanitized before being returned to the user.
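A log check for the parameters listed above, as an added example (not part of the original advisory or of AbanteCart's code): it flags requests to index.php in which one of the ten named GET parameters carries HTML markup after URL decoding. The common log format, the markup heuristic and the sample lines are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# GET parameters named in the advisory's Insight section.
AFFECTED_PARAMS = {"limit", "page", "rt", "sort", "currency", "product_id",
                   "language", "s", "manufacturer_id", "token"}

# Heuristic (assumption): characters needed to leave an HTML or attribute
# context, plus script URLs and inline event handlers.
MARKUP = re.compile(r"""[<>"']|javascript:|\bon\w+\s*=""", re.IGNORECASE)

# Request field of a common/combined log format line (assumed log format).
REQUEST = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return the affected parameter names whose decoded value holds markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/index.php"):
        return []
    hits = set()
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding.
        if name in AFFECTED_PARAMS and MARKUP.search(unquote(value)):
            hits.add(name)
    return sorted(hits)

def scan(lines):
    """Map 1-based line number -> flagged parameters, for flagged lines only."""
    return {n: p for n, line in enumerate(lines, 1)
            if (p := suspicious_params(line))}

# Constructed sample lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Feb/2013:10:01:22 +0000] "GET /index.php?rt=product/category&path=36&limit=20 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Feb/2013:10:02:03 +0000] "GET /index.php?rt=product/category&sort=%22%3E%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 5344',
    '203.0.113.9 - - [12/Feb/2013:10:02:09 +0000] "GET /admin.php?page=%3Cb%3E HTTP/1.1" 404 310',
    '203.0.113.9 - - [12/Feb/2013:10:02:15 +0000] "GET /shop/index.php?currency=USD%27%3E&token=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5290',
    '203.0.113.7 - - [12/Feb/2013:10:03:40 +0000] "GET /index.php?q=%3Cb%3E&page=2 HTTP/1.1" 200 4980',
]

if __name__ == "__main__":
    for lineno, params in scan(SAMPLE_LOG).items():
        print(f"line {lineno}: markup in {', '.join(params)}")
```

A hit means a request worth reviewing, not proof of exploitation; on version 1.1.3 and prior the flagged value may have been reflected unescaped.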
Affected
AbanteCart version 1.1.3 and prior
References
- http://cxsecurity.com/issue/WLB-2013020095
- http://packetstormsecurity.com/files/120273
- http://secunia.com/advisories/52165
- http://www.osvdb.org/90225
- http://www.securelist.com/en/advisories/52165
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5125.php
- http://xforce.iss.net/xforce/xfdb/82073
Updated on 2015-03-25