Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6646

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-6646
Last Modified 15 Nov 2008 12:00:00
Published 03 Jan 2008 08:46:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6646

Summary

Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, and possibly other versions before 1.1.0, allow remote attackers to inject arbitrary web script or HTML via (1) the return parameter to user/remindPassword, (2) the q parameter to the category script, (3) the return parameter to the order script, or (4) the email parameter to user/remindComplete.

Vulnerable Systems

Application

  • Integry Systems Livecart 1.0.1


References

XF - livecart-multiple-xss(39305)

SECTRACK - 1019151

BID - 27087

BUGTRAQ - 20071230 LiveCart Multiple Cross-Site Scripting Vulnerabilities

MISC - http://www.hackerscenter.com/archive/view.asp?id=28144

SREASON - 3512

SECUNIA - 28017

OSVDB - 39758

OSVDB - 39757

OSVDB - 39756

CONFIRM - http://livecart.com/news/Major-update-LiveCart-1-1-0.8

BUGTRAQ - 20080201 LiveCart XSS vulnerability fixed since version 1.1.0


Last Updated: 27 May 2016 10:46:35