CVE-2007-6646

Name of the Vulnerable Software and Affected Versions LiveCart versions prior to 1.1.0

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various parameters, including the return parameter to user/remindPassword, the q parameter to the category script, the return parameter to the order script, or the email parameter to user/remindComplete.

Recommendations For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameters, such as return and q, until a patch is available. Avoid using the email parameter in the affected user/remindComplete endpoint until the issue is resolved.