Vendor: A-Cart
By: SecurityFocus
CVSS: 3.3 (MEDIUM)
CWE: 79 (Cross-Site Scripting)
Product Name: A-Cart
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
A-Cart Cross-Site Scripting Vulnerability
A-Cart has been reported prone to a cross-site scripting vulnerability. The issue is likely due to insufficient sanitization of data in the 'msg' URI parameter that is passed to signin.asp. An attacker could exploit this condition to render arbitrary HTML in a victim's browser, stealing cookie-based authentication credentials or performing other nefarious acts.
Mitigation:
Input validation should be used to ensure that user-supplied data is properly sanitized.
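
The mitigation above, sketched for a Classic ASP page as an added example; this is not A-Cart's own code. Only the parameter name 'msg' comes from the advisory, while the helper `SafeMessage`, the length limit and the page markup are assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Hypothetical sign-in page that displays a status message taken
' from the 'msg' query-string parameter named in the advisory.

Const MAX_MSG_LEN = 200   ' assumed upper bound for a status message

' Reflection pattern of the kind the advisory describes (do not use):
'   Response.Write Request.QueryString("msg")

Function SafeMessage(raw)
    Dim s
    s = Trim(CStr(raw))
    ' Input validation: bound the length before anything else.
    If Len(s) > MAX_MSG_LEN Then s = Left(s, MAX_MSG_LEN)
    ' Output encoding: <, >, & and " become HTML entities, so the
    ' value is rendered as text and is never parsed as markup.
    SafeMessage = Server.HTMLEncode(s)
End Function

Dim msg
' & "" turns a missing parameter into an empty string.
msg = SafeMessage(Request.QueryString("msg") & "")
%>
<html>
<body>
<% If Len(msg) > 0 Then %>
  <p class="notice"><%= msg %></p>
<% End If %>
</body>
</html>
```

`Server.HTMLEncode` is suited to element content and double-quoted attribute values; a value placed inside script blocks, URLs or unquoted attributes needs encoding specific to that context.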