- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 24236
- Проверка EDB
-
- Пройдено
- Автор
- DR.PONIDI HARYANTO
- Тип уязвимости
- WEBAPPS
- Платформа
- CGI
- CVE
- cve-2004-0675
- Дата публикации
- 2004-06-28
Код:
source: https://www.securityfocus.com/bid/10617/info
Cart32 is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.
A remote attacker can exploit this issue by creating a malicious link to the vulnerable application that includes hostile HTML and script code. If a user follows this link, the hostile code renders in the web browser of the victim user. Theft of cookie-based authentication credentials and other attacks is possible.
Cart32 version 5.0 and prior are considered prone to this issue.
http://www.example.com/scripts/cart32.exe/GetLatestBuilds?cart32=<script>alert('XSS')</script>- Источник
- www.exploit-db.com
