Cross-Site Scripting Vulnerability in CS-Cart by Simbirsk Technologies
CVE-2008-1458

Currently unrated

Key Information:

Vendor

Cs-cart

Status
Cs-cart
Vendor
CVE Published:
24 March 2008

What is CVE-2008-1458?

The vulnerability found in CS-Cart version 1.3.2 allows attackers to exploit the 'q' parameter within the products search action, enabling them to inject arbitrary web scripts or HTML. The issue extends to the trial edition of CS-Cart 1.3.5-SP2, raising significant concerns for users reliant on this e-commerce solution. Attackers can leverage this vulnerability to manipulate site content or execute malicious scripts in the context of unsuspecting users' sessions.

References

http://secunia.com/advisories/29468
third-party-advisoryx_refsource_SECUNIA
http://securityreason.com/securityalert/3762
third-party-advisoryx_refsource_SREASON
https://exchange.xforce.ibmcloud.com/vulnerabilities/41306
vdb-entryx_refsource_XF

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.