3 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the 3 redir, 4 productId, 5 docId, 6 act, and 7 catId parameters in index.php; and the 8 username field in a login action in index.php. NOTE: the cart.php/redi...
CubeCart < 3.0.4 Multiple Script XSS
The remote version of CubeCart contains several cross-site scripting vulnerabilities due to its failure to properly sanitize user-supplied input of certain variables to the 'index.php' and 'cart.php' scripts. %NASLMINLEVEL 70300 Josh Zlatin-Amishav This script is released under the GNU GPLv2...
CVE-2005-3152
Multiple cross-site scripting XSS vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to 1 cart.php or 2 index.php, or 3 the searchStr parameter in a viewCat action to index.php. Note: vectors 1 and 2 were later reported to affec...