Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbDr.Ponidi HaryantoEDB-ID:24236
HistoryJun 28, 2004 - 12:00 a.m.

McMurtrey/Whitaker & Associates Cart32 2-5 GetLatestBuilds Script - Cross-Site Scripting

2004-06-2800:00:00
Dr.Ponidi Haryanto
www.exploit-db.com
37

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/10617/info

Cart32 is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.

A remote attacker can exploit this issue by creating a malicious link to the vulnerable application that includes hostile HTML and script code. If a user follows this link, the hostile code renders in the web browser of the victim user. Theft of cookie-based authentication credentials and other attacks is possible.

Cart32 version 5.0 and prior are considered prone to this issue. 

http://www.example.com/scripts/cart32.exe/GetLatestBuilds?cart32=<script>alert('XSS')</script>

Related

cvelist 1
openvas 1
nvd 1
cve 1
cvelist
cvelist
CVE-2004-0675
2004-07-13 04:00:00
openvas
openvas
Cart32 GetLatestBuilds XSS
2005-11-03 00:00:00
nvd
nvd
CVE-2004-0675
2004-08-06 04:00:00
cve
cve
CVE-2004-0675
2004-08-06 04:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:24236
cvelist1openvas1nvd1cve1