Lucene search
HistoryJun 21, 2007 - 6:30 p.m.
CVE-2007-3324
cve-2007-3324
cross-site scripting
xss
comersus cart 7.07
web security
vulnerability
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.6 Medium
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.2%
Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vectors than CVE-2004-0681.
Affected configurations
Node
comersus_open_technologiescomersus_cartMatch7.07
| CPE | Name | Operator | Version |
|---|---|---|---|
| comersus_open_technologies:comersus_cart | comersus open technologies comersus cart | eq | 7.07 |
Related
cvelist
cvelist
CVE-2007-3324
2007-06-21 18:00:00
CVE-2004-0681
2004-07-13 04:00:00
nvd
nvd
CVE-2007-3324
2007-06-21 18:30:00
CVE-2004-0681
2004-08-06 04:00:00
prion
prion
Cross site scripting
2007-06-21 18:30:00
cve
cve
CVE-2004-0681
2004-08-06 04:00:00
openvas
openvas
Comersus Cart Cross-Site Scripting Vulnerability
2005-11-03 00:00:00
Comersus Cart Cross-Site Scripting Vulnerability
2005-11-03 00:00:00
nessus
nessus
Comersus Cart Multiple Input Validation Vulnerabilities (SQLi, XSS)
2004-08-02 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.6 Medium
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.2%
Related for CVE-2007-3324