Summary
The remote host runs CubeCart, is an eCommerce script written with PHP & MySQL.
This version is vulnerable to cross-site scripting and remote script injection due to a lack of sanitization of user-supplied data.
Successful exploitation of this issue may allow an attacker to execute malicious script code on a vulnerable server.
Solution
Upgrade to version 2.0.5 or higher
Severity
Classification
-
CVE CVE-2005-0442, CVE-2005-0443 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- An Image Gallery Multiple Cross-Site Scripting Vulnerability
- 11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
- Apache Tomcat DOS Device Name XSS
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- Apache Tomcat NIO Connector Denial of Service Vulnerability