CVE-2008-6500

Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://packetstormsecurity.org/0812-exploits/aspshoppingcart-xss.txt	Exploit
http://www.securityfocus.com/bid/32568	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/47003
http://packetstormsecurity.org/0812-exploits/aspshoppingcart-xss.txt	Exploit
http://www.securityfocus.com/bid/32568	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/47003

Configurations

Configuration 1 (hide)

cpe:2.3:a:codetoad:asp_shopping_cart_script:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:56

Type	Values Removed	Values Added
References	~~() http://packetstormsecurity.org/0812-exploits/aspshoppingcart-xss.txt - Exploit~~	() http://packetstormsecurity.org/0812-exploits/aspshoppingcart-xss.txt - Exploit
References	~~() http://www.securityfocus.com/bid/32568 - Exploit~~	() http://www.securityfocus.com/bid/32568 - Exploit
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/47003 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/47003 -

Information

Published : 2009-03-20 18:30

Updated : 2024-11-21 00:56

NVD link : CVE-2008-6500

Mitre link : CVE-2008-6500

CVE.ORG link : CVE-2008-6500

JSON object : View

Products Affected

codetoad

asp_shopping_cart_script

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2008-6500", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-03-20T18:30:00.170", "references": [{"url": "http://packetstormsecurity.org/0812-exploits/aspshoppingcart-xss.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/32568", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47003", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.org/0812-exploits/aspshoppingcart-xss.txt", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/32568", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47003", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en CodeToad ASP Shopping Cart Script permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de la cadena de consulta URI por defecto."}], "lastModified": "2024-11-21T00:56:41.647", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codetoad:asp_shopping_cart_script:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AD426A9-D1D1-472F-97F8-A2545E86CE5F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}