Vulners
Lucene search
Aktivate 1.0 3 - Shopping Cart Cross-Site Scripting
source: https://www.securityfocus.com/bid/3714/info
Aktivate is a shopping cart system which is geared towards Unix and Linux users, uses MySQL as a backend, and is written in Perl.
Aktivate is prone to cross-site scripting attacks. It is possible to construct a link containing arbitrary script code to a website running Aktivate. When a user browses the link, the script code will be executed on the user in the context of the site hosting the affected software.
The impact of this issue is that the attacker is able to hijack a legitimate web user's session, by stealing cookie-based authentication credentials. Other cross-site scripting attacks are also possible.
Aktivate 1.03 is known to be vulnerable, other versions may also be affected.
https://host/aktivate/cgi-bin/catgy.cgi?key=0&cartname=axa200135022551089&desc=<script>alert(document.domain)</script> Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 Dec 2001 00:00Current
7.4High risk
Vulners AI Score7.4