Vulnerability Scanning Solutions, LLC.
Family: CGI abuses --> Category: attack

ProductCart Multiple Input Validation Vulnerabilities Vulnerability Scan


Vulnerability Scan Summary
Checks for multiple input validation vulnerabilities in ProductCart

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains an ASP script that is affected by
several flaws.

Description :

The remote host is running a version of the ProductCart shopping cart
software that suffers from several input validation vulnerabilities:

- SQL Injection Vulnerabilities
  The 'advSearch_h.asp' script fails to sanitize user input to
  the 'idCategory' and 'resultCnt' parameters, allowing an
  attacker to manipulate SQL queries.

- Multiple Cross-Site Scripting Vulnerabilities
  The application fails to sanitize user input via the
  'redirectUrl' parameter of the 'NewCust.asp' script, the
  'country' parameter of the 'storelocator_submit.asp' script,
  the 'error' parameter of the 'techErr.asp' script, and the
  'keyword' parameter of the 'advSearch_h.asp' script before
  using it in dynamically generated web content. An attacker
  can exploit these flaws to cause arbitrary HTML and script
  code to be executed in a user's browser in the context of
  the affected website.

Solution :

Unknown at this time.

Threat Level:

Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:P/A:N/I:P/B:N)


VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051
