Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: LiteCart 1.3.2: Multiple XSS

From: Henri Salo <henri () nerv fi>
Date: Wed, 18 Nov 2015 19:50:21 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Nov 13, 2015 at 05:07:01PM +0100, Curesec Research Team (CRT) wrote:

2. XSS 1
http://localhost/ecommerce/litecart-1.3.2/public_html/en/search?query=";></title><script>alert(1)</script>
5. Solution
To mitigate this issue please upgrade at least to version 1.3.3:


This seems to be the same vulnerability as CVE-2014-7183[1] found by
Netsparker[2]. CVE-2014-7183 was fixed in version 1.2 according to the
changelog.

1: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7183
2: https://www.netsparker.com/xss-vulnerabilities-in-litecart/

- -- 
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWTLpcAAoJECet96ROqnV0p+EQAJGyeaHWzAv5kpox5JUscYh1
2lNp6oAfpVRFlE51dp2N8n36MeeLlRvaPQHBGymcm3glYdBOjK8SfW29/FzeVuJt
V0iI4XfrWQ/cQqh8bvUWqYH/HzLyH6vpQEATirHNxjGuVcNqpVhFGTAmDoJRDak1
9qwBzX5cPKlLrqAjfGIO73vfnu1yyPE3XIY4Ljw3ZZuisrL/p+MlJp6NeaLarIY6
BODzT566R2Rb6GZtSfSfToMxwR15FODts3x53A49rkHpGOYkRjriOe4y4BI2zf2G
v3fm7HZcRuEyxv4wYv3IFiRT2fkX4kWOZMSyXOt9SeRCDseiXinK3uyMF1xWFtI9
3m4imjlWg28/a2gyfkrralIFke7W/E/tnV00RnVoAuTqa7AUNWL4EtsJEKfeEUSV
tNhBS/wggt5EpBFfgDSWiZoBG1FwJ997n8AiKoQvUYNopgVboqVjWfvRmFY/RSuN
OrMqaaH2YMOxOXfttFTRC16DHKB2L/jbogc63uVENd8bBHnV/q3Am2Gu2zSwe3uN
auo0jDoaGfhrWMkehffShQAIsmq6dM6jaJwsWESsLGaG8/tBJXjxnYN0h9ArbR4O
pToMgQYdA6f24bzft56BtG+Sgc7EAfjbKNfEu+kDgPtoIFG1LghJ2cwzYR1az3n8
60Q34C0U+SIMqo87tl01
=G6+F
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: