Vendor: Online Store Kit
By: SecurityFocus
CVSS: 8.3 (HIGH)
Cross-site scripting and SQL injection
CWE: 79, 89
Product Name: Online Store Kit
Affected Version From: 3
Affected Version To: 3
Patch Exists: YES
Related CWE: N/A
CPE: a:onlinestorekit:onlinestorekit:3.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2004

Multiple vulnerabilities in Online Store Kit version 3.0

Multiple vulnerabilities have been identified in the software due to improper sanitization of user-supplied input. Successful exploitation of these issues could allow an attacker to carry out cross-site scripting and SQL injection attacks via the 'id' parameter of 'more.php' script.

Mitigation:

Input validation and sanitization should be implemented to prevent malicious input from being processed.
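
One way to apply this mitigation to the 'id' parameter of a 'more.php'-style page, as an added example that is not Online Store Kit's own code: the `products` schema and all function names are assumptions. It validates the id as a positive integer, binds it in a prepared statement, and HTML-encodes everything it outputs.

```php
<?php
declare(strict_types=1);
// Hypothetical handler and schema for illustration; not the vendor's code.

/** Accept only a positive decimal integer; anything else yields null. */
function parse_id(?string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look the product up with a bound parameter, never string concatenation. */
function find_product(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT name, description FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Encode for an HTML text context before echoing request or database data. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render(PDO $db, ?string $rawId): string
{
    $id = parse_id($rawId);
    if ($id === null) {
        return 'Invalid product id.';   // the raw value is never reflected
    }
    $p = find_product($db, $id);
    if ($p === null) {
        return 'Product not found.';
    }
    return '<h1>' . h($p['name']) . '</h1><p>' . h($p['description']) . '</p>';
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, description TEXT)');
$db->exec("INSERT INTO products VALUES (1, 'Mug', 'Holds <b>coffee</b> & tea')");
foreach (['1', '<script>alert(document.domain);</script>', '1 OR 1=1', null] as $raw) {
    echo render($db, $raw), PHP_EOL;
}
```

Only the first input produces a product page; the markup and SQL-shaped inputs fail integer validation and are answered with a fixed message.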
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9676/info
 
Multiple vulnerabilities have been identified in the software due to improper sanitization of user-supplied input. Successful exploitation of these issues could allow an attacker to carry out cross-site scripting and SQL injection attacks via the 'id' parameter of 'more.php' script.
 
Online Store Kit version 3.0 has been reported to be prone to these issues.

more.php?id=%3Cscript%3Ealert(document.domain);%3C/script%3E&