X-Cart Cross Site Scripting and Security Bypass Vulnerabilities
BID:58246
Info
X-Cart Cross Site Scripting and Security Bypass Vulnerabilities
| Bugtraq ID: | 58246 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 01 2013 12:00AM |
| Updated: | Mar 01 2013 12:00AM |
| Credit: | Reported by the vendor |
| Vulnerable: |
Qualiteam X-Cart 4.1.8 Qualiteam X-Cart 4.1.3 Qualiteam X-Cart 4.0.8 |
| Not Vulnerable: | |
Discussion
X-Cart Cross Site Scripting and Security Bypass Vulnerabilities
X-Cart is prone to a cross-site scripting vulnerability and multiple security bypass vulnerabilities.
Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and launch other attacks.
Versions prior to X-Cart 4.5.5 are vulnerable.
X-Cart is prone to a cross-site scripting vulnerability and multiple security bypass vulnerabilities.
Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and launch other attacks.
Versions prior to X-Cart 4.5.5 are vulnerable.
References
X-Cart Cross Site Scripting and Security Bypass Vulnerabilities
References:
References:
- X-Cart Homepage (X-Cart)