CVE-2005-3152 - Cross-Site Scripting vulnerability in Devellion Cubecart 3.0.3/3.0.7Pl1
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |

Summary
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Exploit-Db
description | CubeCart 3.0.3 index.php Multiple Parameter XSS. CVE-2005-3152. Webapps exploit for php platform |
id | EDB-ID:26303 |
last seen | 2016-02-03 |
modified | 2005-09-28 |
published | 2005-09-28 |
reporter | Lostmon |
source | https://www.exploit-db.com/download/26303/ |
title | CubeCart 3.0.3 index.php Multiple Parameter XSS |

description | CubeCart 3.0.3 cart.php redir Parameter XSS. CVE-2005-3152. Webapps exploit for php platform |
id | EDB-ID:26304 |
last seen | 2016-02-03 |
modified | 2005-09-28 |
published | 2005-09-28 |
reporter | Lostmon |
source | https://www.exploit-db.com/download/26304/ |
title | CubeCart 3.0.3 cart.php redir Parameter XSS |
Nessus
NASL family | CGI abuses : XSS |
NASL id | CUBECART_XSS.NASL |
description | The remote version of CubeCart contains several cross-site scripting vulnerabilities due to its failure to properly sanitize user-supplied input of certain variables to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19945 |
published | 2005-10-06 |
reporter | Copyright (C) 2005-2018 Josh Zlatin-Amishav |
source | https://www.tenable.com/plugins/nessus/19945 |
title | CubeCart < 3.0.4 Multiple Script XSS |
References
- http://bugs.cubecart.com/?do=details&id=363
- http://bugs.cubecart.com/?do=details&id=459
- http://lostmon.blogspot.com/2005/09/cubecart-303-multiple-variable-cross.html
- http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html
- http://securityreason.com/securityalert/35
- http://securitytracker.com/id?1014984
- http://www.securityfocus.com/bid/14962
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24177