{"href": "https://www.seebug.org/vuldb/ssvid-81328", "status": "cve,poc", "bulletinFamily": "exploit", "modified": "2014-07-01T00:00:00", "title": "NextAge Shopping Cart Multiple HTML Injection Vulnerabilities", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-81328", "cvelist": [], "description": "No description provided by source.", "viewCount": 4, "published": "2014-07-01T00:00:00", "sourceData": "\n source: http://www.securityfocus.com/bid/17685/info\r\n\r\nNextAge Shopping Cart is prone to multiple HTML-injection vulnerabilities; the application fails to properly sanitize user-supplied input before using it in dynamically generated content. \r\n\r\nAttacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.\r\n\r\n<form method="pst" action="http://www.example.com/[admin_Path]/index.php">\r\n<input type="text" name="txtuserid" class="INPUT" size="30" value="xss injection code">\r\n<br>\r\n<input type="password" name="txtpass" class="INPUT" size="30" value="xss injection code">\r\n<br>\r\n<input <input type="submit" value="submit" class="button">\r\n</form>\n ", "id": "SSV:81328", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T16:13:12", "reporter": "Root", "enchantments": {"score": {"value": -0.1, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.1}, "references": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647831553, "score": 1659785532, "epss": 1678850553}}
NextAge Shopping Cart Multiple HTML Injection Vulnerabilities