CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
82.8%
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1.
bugs.cubecart.com/?do=details&id=363
bugs.cubecart.com/?do=details&id=459
lostmon.blogspot.com/2005/09/cubecart-303-multiple-variable-cross.html
lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html
securityreason.com/securityalert/35
securitytracker.com/id?1014984
www.securityfocus.com/bid/14962
exchange.xforce.ibmcloud.com/vulnerabilities/24177