Vulnerabilities > CVE-2007-3324 - Cross-Site Scripting vulnerability in Comersus Open Technologies Comersus Cart 7.07

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

comersus-open-technologies

exploit available

NVD

Published: 2007-06-21

Updated: 2018-10-16

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vectors than CVE-2004-0681.

Vulnerable Configurations

Part	Description	Count
Application	Comersus_Open_Technologies Comersus Open Technologies Comersus Cart 7.07	1

Exploit-Db

description	Comersus Cart 7.0.7 Cart comersus_message.asp redirectUrl XSS. CVE-2007-3324. Webapps exploit for asp platform
id	EDB-ID:30205
last seen	2016-02-03
modified	2007-06-20
published	2007-06-20
reporter	Doz
source	https://www.exploit-db.com/download/30205/
title	Comersus Cart 7.0.7 Cart comersus_message.asp redirectUrl XSS

description	Comersus Cart 7.0.7 comersus_customerAuthenticateForm.asp redirectUrl XSS. CVE-2007-3324. Webapps exploit for asp platform
id	EDB-ID:30204
last seen	2016-02-03
modified	2007-06-20
published	2007-06-20
reporter	Doz
source	https://www.exploit-db.com/download/30204/
title	Comersus Cart 7.0.7 comersus_customerAuthenticateForm.asp redirectUrl XSS

Summary

Vulnerable Configurations

Exploit-Db

References