Summary
Bonza Digital Cart Script is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
References
Severity
Classification
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
- Alchemy Eye HTTP Command Execution
- Apache Struts ClassLoader Manipulation Vulnerabilities
- AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
- ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities