jCart 1.1 my-item-name POST Parameter XSS

medium Nessus Plugin ID 55775

Synopsis

The remote web server hosts an application that is affected by a cross-site scripting vulnerability.

Description

The remote web server hosts jCart.

Nessus was able to trigger a cross-site scripting vulnerability against one of the PHP scripts.

In addition, this web application is likely to be affected by uncontrolled redirection and affected by cross-site request forgery vulnerabilities, although Nessus has not checked for them.

Solution

Upgrade to jCart 1.2 or later.

See Also

http://conceptlogic.com/jcart/help/viewtopic.php?f=6&t=669

Plugin Details

Severity: Medium

ID: 55775

File Name: jcart11_xss.nasl

Version: 1.12

Type: remote

Published: 8/8/2011

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 10/28/2010

Vulnerability Publication Date: 10/1/2010

Reference Information

BID: 43639

CWE: 79, 80, 928, 931