Metric | Value |
---|---|
AI Score | 5.8 Medium (Confidence: High) |
CVSS2 | 4.3 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
CVSS2 Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
EPSS | 0.009 Low (Percentile: 82.5%) |

Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1.
CPE | Name | Operator | Version |
---|---|---|---|
devellion:cubecart | devellion cubecart | eq | 3.0.3 |
devellion:cubecart | devellion cubecart | eq | 3.0.7-pl1 |
bugs.cubecart.com/?do=details&id=363
bugs.cubecart.com/?do=details&id=459
lostmon.blogspot.com/2005/09/cubecart-303-multiple-variable-cross.html
lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html
securityreason.com/securityalert/35
securitytracker.com/id?1014984
www.securityfocus.com/bid/14962
exchange.xforce.ibmcloud.com/vulnerabilities/24177