Kent WEB MART CVE-2012-1247 Cross Site Scripting Vulnerability
BID:53541
Info
| Bugtraq ID: | 53541 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-1247 |
| Remote: | Yes |
| Local: | No |
| Published: | May 15 2012 12:00AM |
| Updated: | May 15 2012 12:00AM |
| Credit: | Isayama Takayoshi of Mitsui Bussan Secure Directions |
| Vulnerable: | Kent WEB MART 1.7; Kent WEB MART 1.61 |
| Not Vulnerable: | Kent WEB MART 2.8 |
Discussion
Kent WEB MART is prone to a cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Kent WEB MART versions 1.7 and prior are vulnerable.
Exploit / POC
Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
Solution / Fix
Solution:
Vendor updates are available. Please see the references for more information.
References
References: