This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
The remote web server contains an ASP script that is prone to a cross-
site scripting attack.
The version of Comersus Cart installed on the remote host fails to
properly sanitize user input to the 'curPage' parameter of the
'comersus_searchItem.asp' script. An attacker can exploit this
vulnerability to cause arbitrary HTML and script code to be executed
in a user's browser within the context of the affected website when a
user views a malicious link.
See also :
Solution :
Upgrade to Comersus Cart version 6.00 or newer.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 18029 (comersus_curpage_xss.nasl)
Bugtraq ID: 13125
CVE ID: CVE-2005-1188