CVE-2006-3030

CVE-2006-3030

EPSS 1.3%

Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping Cart 1.1.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ToCategory and (2) FromCategory parameters to (a) ProductDetailsForm.asp and (3) UserName and (4) Password parameters to (b) LogIn/VerifyUserLog.asp.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://pridels0.blogspot.com/2006/06/dwzone-shopping-cart-xss-vuln.html http://secunia.com/advisories/20603 https://exchange.xforce.ibmcloud.com/vulnerabilities/27032 http://www.osvdb.org/26401 http://www.osvdb.org/26402 http://www.vupen.com/english/advisories/2006/2291