CVE-2005-3152

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the redir parameter to cart.php, (2) the redir parameter to index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24177

http://securityreason.com/securityalert/35

http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html

http://bugs.cubecart.com/?do=details&id=459

http://bugs.cubecart.com/?do=details&id=363

Details

Source: Mitre, NVD

Published: 2005-10-05

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium