Description

Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and the (2) Submit parameter.

Remediation

References

CVE-2008-1550

Related Vulnerabilities

Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5647)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.28)

PHP CVE-2006-5706 Vulnerability (CVE-2006-5706)

PostgreSQL Insufficiently Protected Credentials Vulnerability (CVE-2021-23222)

WordPress Plugin LearnDash LMS SQL Injection (4.5.3)

Severity

Medium

Classification

CVE-2008-1550 CWE-707

Tags

Missing Update Known Vulnerabilities