CVE-2010-3465

Multiple cross-site scripting (XSS) vulnerabilities in XSE Shopping Cart 1.5.2.1 and 1.5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to Default.aspx and the (2) type parameter to SearchResults.aspx.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://osvdb.org/68029
http://osvdb.org/68030
http://pridels-team.blogspot.com/2010/09/xse-shopping-cart-xss-vuln.html
http://secunia.com/advisories/41453	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/61828

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ecommercesoft:xse_shopping_cart:1.5.2.1:::::::*
	cpe:2.3:a:ecommercesoft:xse_shopping_cart:1.5.3.0:::::::*

History

No history.

Information

Published : 2010-09-17 20:00

Updated : 2024-02-28 11:41

NVD link : CVE-2010-3465

Mitre link : CVE-2010-3465

CVE.ORG link : CVE-2010-3465

JSON object : View

Products Affected

ecommercesoft

xse_shopping_cart

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2010-3465", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-09-17T20:00:04.527", "references": [{"url": "http://osvdb.org/68029", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/68030", "source": "cve@mitre.org"}, {"url": "http://pridels-team.blogspot.com/2010/09/xse-shopping-cart-xss-vuln.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/41453", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61828", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in XSE Shopping Cart 1.5.2.1 and 1.5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to Default.aspx and the (2) type parameter to SearchResults.aspx."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en XSE Shopping Cart v1.5.2.1 y v1.5.3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del (1) par\u00e1metro id a Default.aspx y (2) el par\u00e1metro type a SearchResults.aspx."}], "lastModified": "2017-08-17T01:32:58.947", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ecommercesoft:xse_shopping_cart:1.5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6C030B9-B972-4C31-ACB1-B0B7044AA425"}, {"criteria": "cpe:2.3:a:ecommercesoft:xse_shopping_cart:1.5.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22935A3B-99B3-48CF-8667-A87C77EB2F2D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}