
LiveCart Multiple Cross-Site Scripting Vulnerabilities



[HSC] LiveCart Multiple Cross-Site Scripting Vulnerabilities

LiveCart is a new PHP/MySQL powered shopping cart software developed by Integry Systems.
An attacker may leverage this issue to have arbitrary script code execute in the browser
of an unsuspecting user in the context of the affected site. This may help the attacker
steal cookie-based authentication credentials and launch other attacks.

Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz

Risk: Medium
Class: Input Validation Error
Remote: YES

Vendor: http://livecart.com
Version: 1.0.1

* Attackers can exploit these issues via a web client.

Exploit Path:

http://www.site.com/user/remindPassword?return=XSS

http://www.site.com/category?id=1&q=XSS

http://www.site.com/order?return=order/XSS

http://www.site.com/user/remindComplete?email=XSS

Reference: http://www.hackerscenter.com/archive/view.asp?id=28144
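
The following log check is an added example, not part of the original advisory or of LiveCart's code. It scans access-log lines for requests to the four paths listed under Exploit Path whose named parameter decodes to HTML markup characters; the combined log format, the character heuristic and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path -> parameter pairs named in the advisory's "Exploit Path" list.
AFFECTED = {
    "/user/remindPassword": "return",
    "/category": "q",
    "/order": "return",
    "/user/remindComplete": "email",
}

# Triage heuristic (assumption): markup characters or a javascript: scheme.
SUSPICIOUS = re.compile(r'[<>"]|javascript:', re.IGNORECASE)

# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def flag_requests(log_lines):
    """Return (path, param, decoded_value) for each suspicious request."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        param = AFFECTED.get(url.path.rstrip("/") or "/")
        if param is None:
            continue
        # parse_qs percent-decodes, so URL-encoded markup is caught too.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if SUSPICIOUS.search(value):
                hits.append((url.path, param, value))
    return hits


# Constructed sample log lines (not taken from any real system).
SAMPLE = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /category?id=1&q=red+shoes HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /category?id=1&q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /user/remindComplete?email=a%40example.com HTTP/1.1" 200 410',
    '203.0.113.9 - - [01/Jan/2024:10:00:12 +0000] "GET /order?return=order/%22%3E%3Cimg%20src=x%3E HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for path, param, value in flag_requests(SAMPLE):
        print(f"{path} {param}={value!r}")
```

A hit means the value reached the application, not that it was rendered unencoded; confirm against the installed LiveCart version and the response body.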
