Summary
The remote web server hosts a CGI that contains a cross-site scripting vulnerability.
Description
The remote host is using Cart32, a shopping cart application.
A bug in this software makes it vulnerable to cross-site scripting attacks.
An attacker may use this bug to steal the credentials of legitimate users of this site.
Solution
Upgrade to the newest version of this software.
Severity
Classification
- CVE: CVE-2004-0675
- CVSS Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Related Vulnerabilities
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
- Apache Open For Business HTML injection vulnerability
- Apache Struts2/XWork Remote Command Execution Vulnerability