Описание
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php.
Ссылки
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:devellion:cubecart:3.0.15:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00706
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php.
EPSS
Процентиль: 72%
0.00706
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other