Comersus Cart Username Field HTML Injection
Medium Nessus Network Monitor Plugin ID 2796
SynopsisThe remote host is vulnerable to an HTML Injection attack.
DescriptionAccording to its banner, the remote host is running a version of Comersus Cart that fails to properly sanitize user input to the Username field. An attacker can exploit this vulnerability to cause arbitrary HTML and script code to be executed by a user's browser in the context of the affected web site when a user views the username; eg, in the admin pages.
SolutionNo solution is known at this time.