Copyright (C) 2005-2015 Josh Zlatin-Amishav
The remote web server contains several PHP scripts that are prone to
cross-site scripting attacks.
The remote version of CubeCart contains several cross-site scripting
vulnerabilities due to its failure to properly sanitize user-supplied
input of certain variables to the 'index.php' and 'cart.php' scripts.
See also :
Upgrade to CubeCart version 3.0.4 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true