header-logo
Suggest Exploit
vendor:
Free Shopping Cart
by:
SecurityFocus
6.4
CVSS
MEDIUM
Cross-Site Vulnerability
79
CWE
Product Name: Free Shopping Cart
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

iGeneric Free Shopping Cart Cross-Site Vulnerability

It has been reported that iGeneric Free Shopping Cart is prone to a cross-site vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI parameters. Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.

Mitigation:

Input validation should be used to ensure that user supplied URI parameters are properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9773/info

It has been reported that iGeneric Free Shopping Cart is prone to a cross-site vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI parameters

Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.

page.php?page_type=catalog_products&type_id[]=%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=

Navigation

Suggest Exploit

Services By CQR