[2/5] Maian Cart “keywords” Cross-Site Scripting
Russ McRee has discovered a vulnerability in Maian Cart, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "keywords" parameter in index.php (when "cmd" is set to "search") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

The vulnerability is confirmed in version 1.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Russ McRee
Original post by amit
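
The fix the advisory calls for, sketched as an added example: this is not Maian Cart's source code, and the function names and HTML markup are hypothetical. It shows a reflected "keywords" value written back unencoded beside a version that type-checks, bounds and HTML-encodes it before output.

```php
<?php
// Added example: hypothetical search handler, not Maian Cart's source.

// Pattern described in the advisory: the raw "keywords" value is
// returned to the user inside the HTML response without encoding.
function render_search_heading_unsafe(array $query): string
{
    $keywords = $query['keywords'] ?? '';
    return '<h2>Results for: ' . $keywords . '</h2>';
}

// Hardened form: validate the type, bound the length, then encode
// for the HTML context at the point of output.
function render_search_heading(array $query): string
{
    $keywords = $query['keywords'] ?? '';

    // A request such as keywords[]=x arrives as an array, not a string.
    if (!is_string($keywords)) {
        $keywords = '';
    }

    // Bound the length; a multibyte character cut in half here is
    // replaced by ENT_SUBSTITUTE below instead of emptying the output.
    $keywords = substr(trim($keywords), 0, 100);

    // ENT_QUOTES encodes both quote styles, so the value is safe in
    // element content and inside a quoted attribute.
    $safe = htmlspecialchars($keywords, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<h2>Results for: ' . $safe . '</h2>'
         . '<input type="text" name="keywords" value="' . $safe . '">';
}

// Constructed sample request containing markup characters.
$sample = ['cmd' => 'search', 'keywords' => '"><em>blue</em> widgets'];

echo render_search_heading_unsafe($sample), "\n"; // markup reaches the page as HTML
echo render_search_heading($sample), "\n";        // markup is shown as literal text
```

Encoding belongs at every place the value is echoed (heading, search box, pagination links), and a value placed in a URL needs `rawurlencode()` rather than `htmlspecialchars()` alone.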