vendor:
X-Cart Gold
by:
muts
N/A
CVSS
N/A
XSS
79
CWE
Product Name: X-Cart Gold
Affected Version From: 4.5
Affected Version To: 4.5.4
Patch Exists: YES
Related CWE: N/A
CPE: a:x-cart:x-cart_gold:4.5
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012
X-Cart Gold 4.5 (products_map.php symb parameter) XSS Vulnerability
X-Cart Gold implements a degree of XSS filtering but it is incomplete. The "symb" parameter of "products_map.php" is vulnerable to XSS and can be bypassed by using HTML anchor methods and URL encoding.
Mitigation:
X-Cart Gold 4.5.5 and later versions are not vulnerable to this issue.
