Family: CGI abuses : XSS --> Category: infos
Comersus Cart Username Field HTML Injection Vulnerability Scan
Vulnerability Scan Summary
Checks for username field HTML injection vulnerability in Comersus Cart
Detailed Explanation for this Vulnerability Test
The remote web server contains an ASP script that is affected by a
cross-site scripting flaw.
According to its banner, the remote host is running a version of
Comersus Cart that fails to properly sanitize user input to the
'Username' field. An attacker can exploit this vulnerability to cause
arbitrary HTML and script code to be executed by a user's browser in
the context of the affected web site when a user views the username,
e.g., in the admin pages.
Upgrade to a version of Comersus Cart newer than 6.03.
Low / CVSS Base Score : 2