CVE-2008-1550

Name of the Vulnerable Software and Affected Versions CubeCart version 4.2.1

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via two parameters: (1) the a parameter in a searchStr action and (2) the Submit parameter.

Recommendations For CubeCart version 4.2.1, consider disabling the searchStr action and restricting access to the Submit parameter until a patch is available. Avoid using the a parameter in the searchStr action and the Submit parameter in the affected API endpoint until the issue is resolved.