2 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via 1 the a parameter in a searchStr action and the 2 Submit parameter...
CVE-2008-1550
CubeCart 4.2.1 has multiple XSS vulnerabilities in index.php exploitable via the _a parameter in a searchStr action and the Submit parameter, allowing remote attackers to inject arbitrary script/HTML. The NVD entry notes a Medium base score (CVSS v2: AV:N/AC:M/Au:N/C:N/I:P/A:N) with partial integ...