ID de Prueba:	1.3.6.1.4.1.25623.1.0.802199
Categoría:	Web application abuses
Título:	CubeCart Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
Resumen:	CubeCart is prone to SQL injection and multiple cross-site scripting vulnerabilities.
Descripción:	Summary: CubeCart is prone to SQL injection and multiple cross-site scripting vulnerabilities. Vulnerability Insight: The flaws are due to - Input passed to the 'amount', 'cartId', 'email', 'transId', and 'transStatus' parameters in 'modules/gateway/WorldPay/return.php' is not properly sanitised before being returned to the user. - Input passed via the 'searchStr' parameter to index.php (when '_a' is set to 'viewCat') is not properly sanitised before being used in a SQL query. Vulnerability Impact: Successful exploitation will let attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site and manipulate SQL queries by injecting arbitrary SQL code. Affected Software/OS: CubeCart version 4.3.3. Solution: Upgrade to CubeCart version 4.4.2 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4903 BugTraq ID: 43114 http://www.securityfocus.com/bid/43114 Bugtraq: 20100909 SQL Injection and XSS vulnerabilities in CubeCart version 4.3.3 (Google Search) http://www.securityfocus.com/archive/1/513572/100/0/threaded http://www.acunetix.com/blog/web-security-zone/articles/sql-injection-xss-cubecart-4-3-3/ http://secunia.com/advisories/41352 http://securityreason.com/securityalert/8441
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.