Summary
This host is installed with AbanteCart and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow an attacker to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. Because the flaws are reflected, the attacker must first entice a victim into opening a crafted link.
Impact Level: Application
Solution
Upgrade to version 1.1.4 or later.
For updates refer to http://www.abantecart.com
Insight
Input passed via the 'limit', 'page', 'rt', 'sort', 'currency', 'product_id', 'language', 's', 'manufacturer_id', and 'token' GET parameters to index.php is not properly sanitized before being returned to the user, so attacker-supplied markup in any of these parameters is reflected into the response unencoded.
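The following reflection check is an added example and is not code from AbanteCart or from the advisory sources. It sends a harmless marker string (not an exploit payload) through each of the parameter names listed above and classifies how the marker comes back: raw, HTML-encoded, partially encoded (angle brackets encoded but quotes not, which is still unsafe inside an attribute), or absent. The two renderers at the bottom are constructed stand-ins so the check runs offline: render_vulnerable mimics the behaviour the advisory describes (values concatenated into the page unchanged), and render_fixed shows the correct behaviour (contextual output encoding); neither is the real AbanteCart template code, and the base URL is hypothetical.

```python
"""Reflection check for the index.php GET parameters named in the advisory.

Added example, not AbanteCart code. The renderers and base URL are constructed
for offline use; swap live_fetch in for make_offline_fetch(...) to test a real host
you are authorised to test.
"""
import html
from urllib.parse import parse_qs, urlencode, urlparse

# Parameter names exactly as listed in the advisory's Insight text.
AFFECTED_PARAMS = ["limit", "page", "rt", "sort", "currency", "product_id",
                   "language", "s", "manufacturer_id", "token"]

# Marker containing the characters that distinguish raw reflection from encoded
# reflection. It is a probe for missing output encoding, not an exploit payload.
PROBE = "zsl<\"'>zsl"


def probe_url(base, param, probe=PROBE):
    """Build the index.php URL that carries the probe in a single GET parameter."""
    return f"{base}/index.php?{urlencode({param: probe})}"


def reflection_state(body, probe=PROBE):
    """Classify how the probe was reflected into an HTML response body."""
    if probe in body:
        return "raw"                      # no encoding at all: the advisory's finding
    if html.escape(probe, quote=True) in body:
        return "encoded"                  # <, >, " and ' all encoded
    if html.escape(probe, quote=False) in body:
        return "partial"                  # only < and > encoded: unsafe in attributes
    return "absent"                       # parameter not reflected on this page


def scan(fetch, base="http://shop.example"):
    """Probe every affected parameter through fetch(url) -> body; return {param: state}."""
    return {p: reflection_state(fetch(probe_url(base, p))) for p in AFFECTED_PARAMS}


def live_fetch(url, timeout=10):
    """Fetch a real page over HTTP (only for hosts you are authorised to test)."""
    import urllib.request
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


def make_offline_fetch(render):
    """Wrap a renderer as fetch(url) -> body so scan() can run without a network."""
    def fetch(url):
        query = parse_qs(urlparse(url).query, keep_blank_values=True)
        return render({k: v[0] for k, v in query.items()})
    return fetch


def render_vulnerable(params):
    """Constructed stand-in for the pre-1.1.4 behaviour: values are concatenated
    into the markup unchanged, both inside an attribute and in element text."""
    return "".join(f'<a href="index.php?{k}={v}">{v}</a>' for k, v in params.items())


def render_fixed(params):
    """Constructed stand-in for correct behaviour: every reflected value is
    HTML-encoded for the context it lands in (attribute and text)."""
    return "".join(
        f'<a href="index.php?{k}={html.escape(v, quote=True)}">{html.escape(v, quote=True)}</a>'
        for k, v in params.items()
    )


if __name__ == "__main__":
    for label, render in (("vulnerable", render_vulnerable), ("fixed", render_fixed)):
        print(label, scan(make_offline_fetch(render)))
```

Against a real installation the interesting outcome is any parameter reported as "raw" or "partial"; "absent" only means that page did not echo that parameter, not that the parameter is safe elsewhere in the application.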
Affected
AbanteCart version 1.1.3 and prior
References
- http://cxsecurity.com/issue/WLB-2013020095
- http://packetstormsecurity.com/files/120273
- http://secunia.com/advisories/52165
- http://www.osvdb.org/90225
- http://www.securelist.com/en/advisories/52165
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5125.php
- http://xforce.iss.net/xforce/xfdb/82073
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 4.3
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N