Brooky CubeCart Index.php Language XSS Network Vulnerability

Summary

The remote host runs CubeCart, is an eCommerce script written with PHP & MySQL. This version is vulnerable to cross-site scripting and remote script injection due to a lack of sanitization of user-supplied data. Successful exploitation of this issue may allow an attacker to execute malicious script code on a vulnerable server.

Solution

Upgrade to version 2.0.5 or higher

Severity

Classification

CVE CVE-2005-0442, CVE-2005-0443
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
/doc directory browsable ?
Allaire JRun directory browsing vulnerability
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities

Brooky CubeCart index.php language XSS

Take action and discover your vulnerabilities