Cross site scripting

2010-12-3021:00:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow.

CPENameOperatorVersion
pilot_carteq7.3

CPE	Name	Operator	Version
	pilot_cart	eq	7.3

References

advisories.ariko-security.com/november/audyt_bezpieczenstwa_745.html

packetstormsecurity.org/1011-exploits/aspilotpilotcart-sqlxssinject.txt

secunia.com/advisories/30176

www.securityfocus.com/bid/44698

exchange.xforce.ibmcloud.com/vulnerabilities/63053

marc.info/?l=full-disclosure&m=128913521908405&w=2

www.exploit-db.com/exploits/15448