Lucene search

[email protected]CVE-2010-4631

HistoryDec 30, 2010 - 9:00 p.m.

CVE-2010-4631

2010-12-3021:00:04

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-4631

xss

aspilot

pilot cart 7.3

security

vulnerability

web script

html

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow.

Affected configurations

NVD

Node

pilotcartpilot_cartMatch7.3

CPENameOperatorVersion
pilotcart:pilot_cartpilotcart pilot carteq7.3

CPE	Name	Operator	Version
pilotcart:pilot_cart	pilotcart pilot cart	eq	7.3

References

advisories.ariko-security.com/november/audyt_bezpieczenstwa_745.html

marc.info/?l=full-disclosure&m=128913521908405&w=2

packetstormsecurity.org/1011-exploits/aspilotpilotcart-sqlxssinject.txt

secunia.com/advisories/30176

www.exploit-db.com/exploits/15448

www.securityfocus.com/bid/44698

exchange.xforce.ibmcloud.com/vulnerabilities/63053

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.8%

JSON

Related for CVE-2010-4631

nvd1 cvelist1 prion1