CVE-2005-3152

Name of the Vulnerable Software and Affected Versions CubeCart versions 3.0.3 through 3.0.7-pl1

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via the redir parameter to "cart.php" or "index.php", or the searchStr parameter in a "viewCat" action to "index.php".

Recommendations For CubeCart versions 3.0.3 through 3.0.7-pl1, consider disabling the redir parameter in "cart.php" and "index.php", and restrict the use of the searchStr parameter in the "viewCat" action to "index.php" until a patch is available. Avoid using the redir parameter and the searchStr parameter in the affected API endpoints until the issue is resolved.