
Comersus Cart <= 6.0.41 Multiple XSS / SQL Injection

High

Synopsis

The remote host is running a web application that is affected by multiple SQL injection and cross-site scripting vulnerabilities.

Description

The installed version of Comersus Cart on the remote host suffers from multiple SQL injection and cross-site scripting flaws due to its failure to sanitize user-supplied input. Attackers may be able to exploit these flaws to influence database queries or cause arbitrary HTML and script code to be executed in users' browsers within the context of the affected site.

Solution

Upgrade or patch according to vendor recommendations.