|
|
Family: CGI abuses : XSS --> Category: infos
CubeCart settings.inc.php Cross-Site Scripting and Path Disclosure Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks version of CubeCart
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
multiple issues.
Description :
According to its banner, the version of CubeCart installed on the
remote host suffers from multiple cross-site scripting and path
disclosure vulnerabilities due to a failure to sanitize user input in
'admin/settings.inc.php', which is used by various scripts.
See also :
http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html
http://www.cubecart.com/site/forums/index.php?showtopic=6032
Solution :
Upgrade to CubeCart 2.0.6 or later.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
