Cross-site scripting vulnerability in Cart32

vendor:

Cart32

by:

Unknown

5.5

CVSS

MEDIUM

Cross-site scripting (XSS)

CWE

Product Name: Cart32

Affected Version From: 5

Affected Version To: 5

Patch Exists: NO

Related CWE:

CPE: a:cart32:cart32:5.0

Metasploit:

Other Scripts:

Platforms Tested: Unknown

Unknown

Cross-site scripting vulnerability in Cart32

Cart32 is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied data. A remote attacker can create a malicious link that includes hostile HTML and script code. If a user follows this link, the hostile code can render in the victim's web browser, allowing for theft of authentication credentials and other attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization mechanisms. Additionally, web application firewalls can help detect and prevent XSS attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10617/info

Cart32 is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.

A remote attacker can exploit this issue by creating a malicious link to the vulnerable application that includes hostile HTML and script code. If a user follows this link, the hostile code renders in the web browser of the victim user. Theft of cookie-based authentication credentials and other attacks is possible.

Cart32 version 5.0 and prior are considered prone to this issue. 

http://www.example.com/scripts/cart32.exe/GetLatestBuilds?cart32=&lt;script&gt;alert('XSS')&lt;/script&gt;