CVE-2010-1590

Name of the Vulnerable Software and Affected Versions Rocksalt International VP-ASP Shopping Cart versions 6.50 and earlier

Description A cross-site scripting issue exists, potentially allowing remote attackers to inject arbitrary web script or HTML via the client's DNS hostname, also known as the REMOTE HOST variable. This issue is related to the CookielessGenerateFilename and CookielessReadFile functions.

Recommendations For versions 6.50 and earlier, consider restricting access to the shopsessionsubs.asp page until a fix is available. As a temporary workaround, avoid using the REMOTE HOST variable in the affected functions until the issue is resolved.