CVE-2012-5225

Опубликовано: 01 окт. 2012

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart 1.0.1 and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the shopping_url parameter.

Ссылки

http://packetstormsecurity.org/files/view/109126/xclickcart-xss.txt
http://st2tea.blogspot.com/2012/01/xclick-cart-cross-site-scripting.html
Exploit
http://www.securityfocus.com/bid/51699
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/72768
http://packetstormsecurity.org/files/view/109126/xclickcart-xss.txt
http://st2tea.blogspot.com/2012/01/xclick-cart-cross-site-scripting.html
Exploit
http://www.securityfocus.com/bid/51699
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/72768

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:eliteweaver:xclick_cart:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:eliteweaver:xclick_cart:1.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.04177

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-5j5p-vmmc-8gmj

github

больше 3 лет назад