Vulnerability Note VU#405942
CS-Cart version 4.0.2 contains cross-site scripting vulnerabilities
CS-Cart version 4.0.2 and possibly earlier versions contain cross-site scripting (XSS) vulnerabilities (CWE-79).
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CS-Cart version 4.0.2 and possibly earlier versions contain cross-site scripting (XSS) vulnerabilities. An attacker can inject arbitrary script via the vulnerable query string parameters settings_file and data_file of the ampie.swf, amline.swf, or amcolumn.swf files.
A remote unauthenticated attacker may be able to execute arbitrary script in the context of the end-user's browser session.
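A log-review check for requests of the kind described above, as an added example that is not part of the original note or of CS-Cart's code. It assumes combined-format web access logs and that legitimate settings_file and data_file values are plain relative paths; the /charts/ path and all sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# File and parameter names are the ones named in the advisory.
SWF_FILES = {"ampie.swf", "amline.swf", "amcolumn.swf"}
PARAMS = {"settings_file", "data_file"}
# Assumption: legitimate values are plain same-site relative paths.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_./-]+")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def suspicious_params(target):
    """Return [(param, decoded_value)] for affected-SWF requests whose values fail the allowlist."""
    parts = urlsplit(target)
    name = parts.path.rsplit("/", 1)[-1].lower()
    if name not in SWF_FILES:
        return []
    hits = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() not in PARAMS:
            continue
        ok = SAFE_VALUE.fullmatch(value) and ".." not in value and not value.startswith("/")
        if not ok:
            hits.append((key, value))
    return hits

def scan(lines):
    """Yield (line_number, param, decoded_value) for each flagged parameter."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        for key, value in suspicious_params(match.group(1)):
            yield number, key, value

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2013:10:00:00 +0000] "GET /charts/ampie.swf?settings_file=charts/pie_settings.xml HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Dec/2013:10:00:05 +0000] "GET /charts/amline.swf?data_file=constructed%3Anot-a-relative-path HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Dec/2013:10:00:09 +0000] "GET /index.php?data_file=constructed%3Avalue HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, key, value in scan(SAMPLE_LOG):
        print(f"line {number}: {key}={value!r}")
```

Flagged lines are candidates for review, not confirmed exploitation; tighten or loosen the allowlist to match how the charts are actually configured on the site.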
Vendor Information

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| CS-Cart | Affected | 22 Nov 2013 | 03 Dec 2013 |
CVSS Metrics
Thanks to Nikhil Srivastava from Techdefence Labs for reporting this vulnerability.
This document was written by Jared Allar.
- CVE IDs: CVE-2013-7317
- Date Public: 20 Jan 2013
- Date First Published: 23 Jan 2014
- Date Last Updated: 28 Jan 2014
- Document Revision: 23