Web application abuses : DHCart < 3.88 Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.100028

Categoría: Web application abuses

Título: DHCart < 3.88 Multiple Vulnerabilities - Active Check

Resumen: DHCart is prone to multiple cross-site scripting (XSS) and; HTML injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Descripción: Summary:
DHCart is prone to multiple cross-site scripting (XSS) and
HTML injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Vulnerability Impact:
Attacker-supplied HTML or JavaScript code could run in the
context of the affected site, potentially allowing the attacker to steal cookie-based
authentication credentials and to control how the site is rendered to the user, other attacks are
also possible.

Affected Software/OS:
DHCart version 3.84 and prior.

Solution:
Update to version 3.88 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-6297
BugTraq ID: 32117
http://www.securityfocus.com/bid/32117
http://lostmon.blogspot.com/2008/11/dhcart-multiple-variable-xss-and-stored.html
http://secunia.com/advisories/32555
XForce ISS Database: dhcart-order-xss(46339)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46339

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.100028
Categoría:	Web application abuses
Título:	DHCart < 3.88 Multiple Vulnerabilities - Active Check
Resumen:	DHCart is prone to multiple cross-site scripting (XSS) and; HTML injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Descripción:	Summary: DHCart is prone to multiple cross-site scripting (XSS) and HTML injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Vulnerability Impact: Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user, other attacks are also possible. Affected Software/OS: DHCart version 3.84 and prior. Solution: Update to version 3.88 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-6297 BugTraq ID: 32117 http://www.securityfocus.com/bid/32117 http://lostmon.blogspot.com/2008/11/dhcart-multiple-variable-xss-and-stored.html http://secunia.com/advisories/32555 XForce ISS Database: dhcart-order-xss(46339) https://exchange.xforce.ibmcloud.com/vulnerabilities/46339
Copyright	Copyright (C) 2009 Greenbone AG