CubeCart "first_name"/"last_name" Cross-Site Scripting Vulnerability
Release date:
Updated on:
Affected Systems:
CubeCart <6.0.10
Description:
CVE (CAN) ID:
CubeCart is an open-source shopping software.
A stored XSS vulnerability exists in CubeCart 6.0.10 and earlier versions. It is located in the "first_name" and "last_name" parameters of the "/index.php" script. Remote attackers can inject malicious HTML or JavaScript, which is then executed in the context of the affected website.
<* Source: High-Tech Bridge Security Research Lab
Link: http://seclists.org/bugtraq/2016/Mar/203
*>
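For defenders reviewing similar name fields, the sketch below shows the two controls that apply to this class of bug: validating names on input and encoding them on output. It is an added example, not CubeCart's code or the vendor's patch; the helper names `validate_name` and `h` and the sample rows are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not taken from CubeCart.

/** Input side: accept only characters that plausibly belong in a name. */
function validate_name(string $raw): ?string
{
    $name = trim($raw);
    // 1 to 64 code points: letters, combining marks, space, apostrophe, dot, hyphen.
    if (preg_match('/^[\p{L}\p{M} \'.\-]{1,64}$/u', $name) !== 1) {
        return null; // reject instead of trying to strip markup
    }
    return $name;
}

/** Output side: encode for an HTML body or a quoted attribute value. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample rows standing in for values already stored in a database.
$customers = [
    ['first_name' => 'Siobhán', 'last_name' => "O'Brien"],
    ['first_name' => '<script>alert(1)</script>', 'last_name' => 'Doe'],
];

foreach ($customers as $c) {
    // Encode at render time even when input validation exists: rows written
    // before a fix was deployed may already contain markup.
    printf(
        "<td>%s</td><td>%s</td> accepted_on_input=%s\n",
        h($c['first_name']),
        h($c['last_name']),
        validate_name($c['first_name']) !== null ? 'yes' : 'no'
    );
}
```

The legitimate apostrophe in the first row passes validation and is rendered as an entity, while the second row is rejected on input and rendered as inert text if it is already stored.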
Suggestion:
Vendor patch:
CubeCart
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://www.cubecart.com/