Multiple CubeCart XSS Vulnerabilities Network Vulnerability

Summary

Description : The remote version of CubeCart contains several cross-site scripting vulnerabilities to due to its failure to properly sanitize user-supplied input of certain variables to the 'index.php' and 'cart.php' scripts.

Solution

Upgrade to CubeCart version 3.0.4 or later.

References

http://lostmon.blogspot.com/2005/09/cubecart-303-multiple-variable-cross.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-3152

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
Apache Subversion Module Metadata Accessible
@Mail 'MailType' Parameter Cross Site Scripting Vulnerability

Multiple CubeCart XSS vulnerabilities

Take action and discover your vulnerabilities