jCart 1.1 my-item-name POST Parameter XSS

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server hosts an application that is affected by a
cross-site scripting vulnerability.

Description :

The remote web server hosts jCart.

Nessus was able to trigger a cross-site scripting vulnerability
against one of the PHP scripts.

In addition, this web application is likely affected by uncontrolled
redirection and cross-site request forgery vulnerabilities, although
Nessus has not checked for them.

See also :


Solution :

Upgrade to jCart 1.2 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.1
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 55775

Bugtraq ID: 43639