Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2008-4121
Last Modified: 29 Oct 2012 11:16:42
Published: 21 Oct 2008 02:00:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-4121

Summary

Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to sendtofriend.php.

Vulnerable Systems

Application

  • Cpcommerce 0.5f

  • Cpcommerce 1.0.5

  • Cpcommerce 1.0.5.1

  • Cpcommerce 1.0.6

  • Cpcommerce 1.0.7

  • Cpcommerce 1.0.7.1

  • Cpcommerce 1.0.7.2

  • Cpcommerce 1.0.7.3

  • Cpcommerce 1.0.7.4

  • Cpcommerce 1.0.8

  • Cpcommerce 1.0.9

  • Cpcommerce 1.0.9a

  • Cpcommerce 1.1.0

  • Cpcommerce 1.2.0

  • Cpcommerce 1.2.1

  • Cpcommerce 1.2.2

  • Cpcommerce 1.2.3


References

BUGTRAQ - 20081019 Cross Site Scripting (XSS) Vulnerabilitiy in cpcommerce, CVE-2008-4121

MISC - http://www.datensalat.eu/~fabian/cve/CVE-2008-4121-cpcommerce.html

SREASON - 4448

SECUNIA - 32353

CONFIRM - http://cpcommerce.cpradio.org/

XF - cpcommerce-search-sendtofriend-xss(45970)

SECTRACK - 1021070

BID - 31825


Last Updated: 27 May 2016 10:49:43