AsaanCart Multiple Input Validation Vulnerabilities Network Vulnerability

Summary

asaanCart is prone to multiple input-validation vulnerabilities, including: 1. Multiple HTML-injection vulnerabilities 2. A local file-include vulnerability 3. A cross-site scripting vulnerability Exploiting these issues could allow an attacker to execute arbitrary script code in the browser, steal cookie-based authentication credentials, control how the site is rendered to the user, view files, and execute local scripts. asaanCart 0.9 is vulnerable other versions may also be affected.

References

http://asaancart.wordpress.com
http://sourceforge.net/projects/asaancart/
http://www.securityfocus.com/bid/52498

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-5330, CVE-2012-5331

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
Apache Open For Business HTML injection vulnerability
Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
12Planet Chat Server one2planet.infolet.InfoServlet XSS
Apache Tomcat Information Disclosure Vulnerability

asaanCart Multiple Input Validation Vulnerabilities

Take action and discover your vulnerabilities