Summary
Description :
The remote version of CubeCart contains several cross-site scripting vulnerabilities to due to its failure to properly sanitize user-supplied input of certain variables to the 'index.php' and 'cart.php' scripts.
Solution
Upgrade to CubeCart version 3.0.4 or later.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2005-3152 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Solr Directory Traversal Vulnerability Jan-14
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Apache Struts2/XWork Remote Command Execution Vulnerability
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
- @Mail 'MailType' Parameter Cross Site Scripting Vulnerability