9 lines
No EOL
702 B
Text
9 lines
No EOL
702 B
Text
source: http://www.securityfocus.com/bid/10617/info
|
|
|
|
Cart32 is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.
|
|
|
|
A remote attacker can exploit this issue by creating a malicious link to the vulnerable application that includes hostile HTML and script code. If a user follows this link, the hostile code renders in the web browser of the victim user. Theft of cookie-based authentication credentials and other attacks is possible.
|
|
|
|
Cart32 version 5.0 and prior are considered prone to this issue.
|
|
|
|
http://www.example.com/scripts/cart32.exe/GetLatestBuilds?cart32=<script>alert('XSS')</script> |