VID 21673
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description Comersus Shopping Cart, a freely available shopping cart program for Microsoft Windows and Linux, is vulnerable to multiple input validation vulnerabilities, which can be exploited by a remote attacker to conduct cross-site scripting and SQL injection attacks.

1) Multiple SQL Injection Vulnerabilities: Input passed to the "idProduct" parameter of the "comersus_optReviewReadExec.asp" script and the "email" parameter of the "comersus_optAffiliateRegistrationExec.asp" script isn't properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) Multiple Cross-Site Scripting Vulnerabilities: Input passed to the "message" parameter of the "comersus_backoffice_message.asp" script and the "name" parameter of the "comersus_backoffice_listAssignedPricesToCustomer.asp" script isn't properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.
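Both findings above come down to request parameters reaching a SQL statement or an HTML page without validation or encoding. The following is an added illustration, not Comersus's own code or schema: a constructed in-memory review table, an unsafe lookup that concatenates "idProduct" into the query (the pattern the SQL injection finding describes), a hardened lookup that type-checks and binds the value, and an HTML-escaped reflection of a "message" parameter (the fix for the cross-site scripting finding). Table and column names are assumptions.

```python
import html
import sqlite3

# Constructed sample data standing in for a product-review store
# (illustrative only; not the schema of any real Comersus script).
SAMPLE_REVIEWS = [
    (1, "Great cart"),
    (2, "Works on Windows"),
    (3, "Linux install was easy"),
]


def _open_db() -> sqlite3.Connection:
    """Build a throwaway in-memory database holding SAMPLE_REVIEWS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reviews (idProduct INTEGER, body TEXT)")
    conn.executemany("INSERT INTO reviews VALUES (?, ?)", SAMPLE_REVIEWS)
    return conn


def reviews_unsafe(id_product: str) -> list:
    """Vulnerable form: the request parameter is spliced into the SQL text,
    so anything it contains is interpreted as SQL, not as a product id."""
    conn = _open_db()
    rows = conn.execute(
        "SELECT body FROM reviews WHERE idProduct = " + id_product
    ).fetchall()
    conn.close()
    return [r[0] for r in rows]


def reviews_safe(id_product: str) -> list:
    """Hardened form: validate that the parameter has the type the
    application expects, then pass it as a bound parameter."""
    if not id_product.isdigit():
        raise ValueError("idProduct must be a non-negative integer")
    conn = _open_db()
    rows = conn.execute(
        "SELECT body FROM reviews WHERE idProduct = ?", (int(id_product),)
    ).fetchall()
    conn.close()
    return [r[0] for r in rows]


def render_message(message: str) -> str:
    """Reflect a request parameter into HTML only after escaping it,
    so markup in the input is displayed as text rather than executed."""
    return "<p>" + html.escape(message, quote=True) + "</p>"


if __name__ == "__main__":
    print(reviews_unsafe("1 OR 1=1"))   # every row: the condition became SQL
    print(reviews_safe("2"))            # only product 2
    print(render_message("<b>hi</b>"))  # markup neutralised
```

The unsafe variant returns every review for the input `1 OR 1=1` because the comparison was rewritten by the parameter; the safe variant rejects that input before the database is touched and, for well-formed input, sends the id as data rather than as part of the statement.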

* References:
http://www.securityfocus.com/archive/1/404570/30/0/threaded

* Platforms Affected:
Comersus Open Technologies, Comersus Shopping Cart Any version
Linux Any version
Microsoft Windows Any version
Recommendation No upgrade or patch available as of August 2005.

Upgrade to the latest version of Comersus Shopping Cart when a fixed version becomes available from the Comersus Open Technologies Download site at http://www.comersus.com/comersus-downloads/
Related URL (CVE)
Related URL 14183,14191 (SecurityFocus)
Related URL 21434 (ISS)