Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2005-3152
Last Modified: 07 Mar 2011 09:25:53
Published: 05 Oct 2005 06:02:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2005-3152

Summary

Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1.

Vulnerable Systems

Application

  • Devellion Cubecart 3.0.3

  • Devellion Cubecart 3.0.7-pl1


References

BID - 14962

SECTRACK - 1014984

MISC - http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html

MISC - http://lostmon.blogspot.com/2005/09/cubecart-303-multiple-variable-cross.html

MISC - http://bugs.cubecart.com/?do=details&id=459

CONFIRM - http://bugs.cubecart.com/?do=details&id=363

XF - cubecart-index-script-xss(24177)

SREASON - 35


Last Updated: 27 May 2016 10:40:49