vendor:
ViArt Shop Enterprise
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-Site Scripting and HTML Injection
79
CWE
Product Name: ViArt Shop Enterprise
Affected Version From: 2.1.2006
Affected Version To: 2.1.2006
Patch Exists: YES
Related CWE: N/A
CPE: a:viart_ltd:viart_shop_enterprise
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005
ViArt Shop Cross-Site Scripting and HTML Injection Vulnerabilities
ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
Mitigation:
Input validation should be used to ensure that user-supplied data does not contain malicious HTML or script code.
