MidnightBSD

Advisories for ecommercesoft

CVE-2010-3465 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in XSE Shopping Cart 1.5.2.1 and 1.5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to Default.aspx and the (2) type parameter to SearchResults.aspx.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ecommercesoft xse_shopping_cart 1.5.3.0
ecommercesoft xse_shopping_cart 1.5.2.1