Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18774
HistoryJan 02, 2008 - 12:00 a.m.

LiveCart Multiple Cross-Site Scripting Vulnerabilities

2008-01-0200:00:00
vulners.com
41

[HSC] LiveCart Multiple Cross-Site Scripting Vulnerabilities

LiveCart is a new PHP/MySQL powered shopping cart software developed by
Integry Systems.
An attacker may leverage this issue to have arbitrary script code execute in
the browser
of an unsuspecting user in the context of the affected site. This may help
the attacker
steal cookie-based authentication credentials and launch other attacks.

Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz

Risk: Medium
Class: Input Validation Error
Remote: YES

Vendor: http://livecart.com
Version: 1.0.1

  • Attackers can exploit these issues via a web client.

Exploit Path:

http://www.site.com/user/remindPassword?return=XSS

http://www.site.com/category?id=1&q=XSS

http://www.site.com/order?return=order/XSS

http://www.site.com/user/remindComplete?email=XSS

Reference: http://www.hackerscenter.com/archive/view.asp?id=28144