Summary
asaanCart is prone to multiple input-validation vulnerabilities, including:
1. Multiple HTML-injection vulnerabilities
2. A local file-include vulnerability
3. A cross-site scripting vulnerability
Exploiting these issues could allow an attacker to execute arbitrary script code in the browser, steal cookie-based authentication credentials, control how the site is rendered to the user, view files, and execute local scripts.
asaanCart 0.9 is vulnerable; other versions may also be affected.
Classification
- CVE: CVE-2012-5330, CVE-2012-5331
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P