CVE-2009-2587

Name of the Vulnerable Software and Affected Versions DragDropCart (affected versions not specified)

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via several parameters, including the sid parameter to "assets/js/ddcart.php", the prefix parameter to "includes/ajax/getstate.php", the search parameter to "index.php" and "search.php", the redirect parameter to "login.php", and the product parameter to "productdetail.php".

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.