Whitaker & Associates Cart32 GetLatestBuilds Script

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

mcmurtrey-whitaker-and-associates

exploit available

NVD

Published: 2004-08-06

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command.

Vulnerable Configurations

Part	Description	Count
Application	Mcmurtrey_Whitaker_And_Associates Mcmurtrey Whitaker AND Associates Cart32 2.5A Mcmurtrey Whitaker AND Associates Cart32 2.6 Mcmurtrey Whitaker AND Associates Cart32 3.0 Mcmurtrey Whitaker AND Associates Cart32 3.1 Mcmurtrey Whitaker AND Associates Cart32 3.5 Mcmurtrey Whitaker AND Associates Cart32 3.5_Build619 Mcmurtrey Whitaker AND Associates Cart32 3.5A Mcmurtrey Whitaker AND Associates Cart32 3.5A_Build710 Mcmurtrey Whitaker AND Associates Cart32 4.4 Mcmurtrey Whitaker AND Associates Cart32 5.0	10

Exploit-Db

description	McMurtrey/Whitaker & Associates Cart32 2-5 GetLatestBuilds Script Cross-Site Scripting Vulnerability. CVE-2004-0675 . Webapps exploit for cgi platform
id	EDB-ID:24236
last seen	2016-02-02
modified	2004-06-28
published	2004-06-28
reporter	Dr.Ponidi Haryanto
source	https://www.exploit-db.com/download/24236/
title	McMurtrey/Whitaker & Associates Cart32 2-5 GetLatestBuilds Script Cross-Site Scripting Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References