VirtueMart Multiple Cross-Site Scripting Vulnerabilities

Bugtraq ID:	22816
Class:	Input Validation Error
CVE:	CVE-2007-1361
Remote:	Yes
Local:	No
Published:	Mar 05 2007 12:00AM
Updated:	May 12 2015 07:33PM
Credit:	The vendor reported these vulnerabilities.
Vulnerable:	VirtueMart VirtueMart 1.0.6
Not Vulnerable:	VirtueMart VirtueMart 1.0.10

VirtueMart Multiple Cross-Site Scripting Vulnerabilities

VirtueMart is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

These issues affect versions prior to 1.0.10.

VirtueMart Multiple Cross-Site Scripting Vulnerabilities

Attackers can exploit these issues by enticing an unsuspecting user to follow a malicious URI.

VirtueMart Multiple Cross-Site Scripting Vulnerabilities

Solution:
The vendor has released version 1.0.10 to address these issues. Please see the reference section for more information.


VirtueMart VirtueMart 1.0.6

• VirtueMart VirtueMart_1.0.10-COMPLETE_PACKAGE.zip
  http://downloads.sourceforge.net/virtuemart/VirtueMart_1.0.10-COMPLETE _PACKAGE.zip

VirtueMart Multiple Cross-Site Scripting Vulnerabilities

References:

• VirtueMart 1.0.10 SECURITY RELEASE (VirtueMart)
  
• VirtueMart Homepage (VirtueMart)