ViArt Shop Multiple Cross-Site Scripting Vulnerabilities
BID:18369
CVE-2006-2979 |Info
ViArt Shop Multiple Cross-Site Scripting Vulnerabilities
| Bugtraq ID: | 18369 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 07 2006 12:00AM |
| Updated: | Jun 12 2006 07:36PM |
| Credit: | John Cobb is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
ViArt ViArt Shop 2.5.5 |
| Not Vulnerable: | |
Discussion
ViArt Shop Multiple Cross-Site Scripting Vulnerabilities
ViArt Shop is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
ViArt Shop is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Exploit / POC
ViArt Shop Multiple Cross-Site Scripting Vulnerabilities
Attackers exploit these issues by enticing a victim to follow a malicious link that includes hostile HTML and script code.
Attackers exploit these issues by enticing a victim to follow a malicious link that includes hostile HTML and script code.
Solution / Fix
ViArt Shop Multiple Cross-Site Scripting Vulnerabilities
Solution:
The vendor has released a patch to address the issue.
mailto:[email protected]
ViArt ViArt Shop 2.5.5
Solution:
The vendor has released a patch to address the issue.
mailto:[email protected]
ViArt ViArt Shop 2.5.5
-
ViArt xss_fix.zip
http://www.codetosell.com/downloads/xss_fix.zip