Brooky CubeCart < 2.0.6 settings.inc.php XSS
Medium Nessus Network Monitor Plugin ID 2653
Synopsis: The remote host is using Brooky CubeCart, an online storefront application written in PHP.
Description: The remote host is using Brooky CubeCart, an online storefront application written in PHP. This version of CubeCart is vulnerable to a Cross-Site Scripting (XSS) flaw within the default parser. An attacker exploiting this flaw would need to convince a user to click on a malicious URL. Upon successful exploitation, the attacker would be able to steal credentials or execute code within the browser.
Solution: Upgrade to version 2.0.6 or higher.