Vulnerabilities > CVE-2007-3324 - Cross-Site Scripting vulnerability in Comersus Open Technologies Comersus Cart 7.07
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vectors than CVE-2004-0681.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description Comersus Cart 7.0.7 Cart comersus_message.asp redirectUrl XSS. CVE-2007-3324. Webapps exploit for asp platform id EDB-ID:30205 last seen 2016-02-03 modified 2007-06-20 published 2007-06-20 reporter Doz source https://www.exploit-db.com/download/30205/ title Comersus Cart 7.0.7 Cart comersus_message.asp redirectUrl XSS description Comersus Cart 7.0.7 comersus_customerAuthenticateForm.asp redirectUrl XSS. CVE-2007-3324. Webapps exploit for asp platform id EDB-ID:30204 last seen 2016-02-03 modified 2007-06-20 published 2007-06-20 reporter Doz source https://www.exploit-db.com/download/30204/ title Comersus Cart 7.0.7 comersus_customerAuthenticateForm.asp redirectUrl XSS