PT-2005-2572 · Codethat · Codethat Shoppingcart
Icaro
+1
·
Publicado
2005-05-16
·
Atualizado
2008-09-05
·
CVE-2005-1593
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
CodeThat ShoppingCart version 1.3.1
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the
id parameter in the catalog.php file.Recommendations
For CodeThat ShoppingCart version 1.3.1, avoid using the
id parameter in the catalog.php file until a fix is available. As a temporary workaround, consider validating and sanitizing user input for the id parameter to prevent malicious script injection.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Codethat Shoppingcart