Kent WEB MART Handling Cookies Cross Site Scripting Vulnerability
BID:53539
Info
| Bugtraq ID: | 53539 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-1246 |
| Remote: | Yes |
| Local: | No |
| Published: | May 15 2012 12:00AM |
| Updated: | May 17 2012 06:50PM |
| Credit: | ISHIBASHI, Tsuyoshi of Mitsui Bussan Secure Directions |
| Vulnerable: | Kent WEB MART 1.7, Kent WEB MART 1.61 |
| Not Vulnerable: | Kent WEB MART 2.8 |
Discussion
Kent WEB MART is prone to a cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Kent WEB MART versions 1.7 and prior are vulnerable.
Exploit / POC
Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
Solution / Fix
Solution:
Vendor updates are available. Please see the references for more information.
References
References: