|
Family: CGI abuses : XSS --> Category: attack
Multiple CubeCart XSS vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Checks for XSS in index.php
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains several PHP scripts that are prone to
cross-site scripting attacks.
Description :
The remote version of CubeCart contains several cross-site scripting
vulnerabilities to due to its failure to properly sanitize user-supplied
input of certain variables to the 'index.php' and 'cart.php' scripts.
See also :
http://lostmon.blogspot.com/2005/09/cubecart-303-multiple-variable-cross.html
Solution :
Upgrade to CubeCart version 3.0.4 or later.
Threat Level:
Low / CVSS Base Score : 3
(AV:R/AC:H/Au:NR/C:P/A:N/I:N/B:C)
Click HERE for more information and discussions on this network vulnerability scan.
|