Comersus Cart Username Field HTML Injection

low Nessus Network Monitor Plugin ID 2796

Synopsis

The remote host is vulnerable to an HTML Injection attack.

Description

According to its banner, the remote host is running a version of Comersus Cart that fails to properly sanitize user input to the Username field. An attacker can exploit this vulnerability to cause arbitrary HTML and script code to be executed by a user's browser in the context of the affected web site when a user views the username; eg, in the admin pages.

Solution

No solution is known at this time.

Plugin Details

Severity: Low

ID: 2796

Family: CGI

Published: 4/6/2005

Updated: 3/6/2019

Nessus ID: 17983

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:comersus_open_technologies:comersus_cart

Reference Information

CVE: CVE-2005-1010, CVE-2005-1188

BID: 13000, 13125