Lucene search

livecart-xss.txt

🗓️ 31 Dec 2007 00:00:00Reported by DoZType

packetstorm🔗 packetstormsecurity.com👁 21 Views

LiveCart PHP/MySQL shopping cart multiple XSS vulnerabilities. Attackers execute arbitrary script code in browser to steal authentication credentials. Risk: Medium. Vendor: livecart.com

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

` [HSC] LiveCart Multiple Cross-Site Scripting Vulnerabilities  
  
  
  
LiveCart is a new PHP/MySQL powered shopping cart software developed by  
Integry Systems.  
An attacker may leverage this issue to have arbitrary script code execute in  
the browser  
of an unsuspecting user in the context of the affected site. This may help  
the attacker  
steal cookie-based authentication credentials and launch other attacks.  
  
  
Hackers Center Security Group (http://www.hackerscenter.com)  
Credit: Doz  
  
  
Risk: Medium  
Class: Input Validation Error  
Remote: YES  
  
Vendor: http://livecart.com  
Version: 1.0.1  
  
  
  
* Attackers can exploit these issues via a web client.  
  
  
Exploit Path:  
  
  
http://www.site.com/user/remindPassword?return=XSS  
  
http://www.site.com/category?id=1&q=XSS  
  
http://www.site.com/order?return=order/XSS  
  
http://www.site.com/user/remindComplete?email=XSS  
  
  
Reference: http://www.hackerscenter.com/archive/view.asp?id=28144  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

31 Dec 2007 00:00Current

7.4High risk

Vulners AI Score7.4