Dogpatch Software CFWebstore Cross-Site Scripting Vulnerability
BID:9856
Info
Dogpatch Software CFWebstore Cross-Site Scripting Vulnerability
| Bugtraq ID: | 9856 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 12 2004 12:00AM |
| Updated: | Mar 12 2004 12:00AM |
| Credit: | The disclosure of this issue has been credited to Nick Gudov. |
| Vulnerable: |
Dogpatch Software CFWebstore 5.0 |
| Not Vulnerable: |
Dogpatch Software CFWebstore 5.0.1 |
Discussion
Dogpatch Software CFWebstore Cross-Site Scripting Vulnerability
It has been reported that CFWebstore is prone to a remote cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user input.
Attackers may exploit this vulnerability to steal authentication credentials. Other attacks may also be possible.
It has been reported that CFWebstore is prone to a remote cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user input.
Attackers may exploit this vulnerability to steal authentication credentials. Other attacks may also be possible.
Exploit / POC
Solution / Fix
Dogpatch Software CFWebstore Cross-Site Scripting Vulnerability
Solution:
The vendor has supplied an upgrade dealing with this issue. Please see the reference section to contact the vendor for details on obtaining the upgrade.
Solution:
The vendor has supplied an upgrade dealing with this issue. Please see the reference section to contact the vendor for details on obtaining the upgrade.
References
Dogpatch Software CFWebstore Cross-Site Scripting Vulnerability
References:
References:
- CFWebstore (Dogpatch Software)
- Dogpatch Software CFWebstore 5.0 shopping cart software multiple security... (S-Quadra Security Research