Full Disclosure mailing list archives
Re: LiteCart 1.3.2: Multiple XSS
From: Henri Salo <henri () nerv fi>
Date: Wed, 18 Nov 2015 19:50:21 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, Nov 13, 2015 at 05:07:01PM +0100, Curesec Research Team (CRT) wrote:
2. XSS 1 http://localhost/ecommerce/litecart-1.3.2/public_html/en/search?query="></title><script>alert(1)</script> 5. Solution To mitigate this issue please upgrade at least to version 1.3.3:
This seems to be the same vulnerability as CVE-2014-7183[1] found by Netsparker[2]. CVE-2014-7183 was fixed in version 1.2 according to the changelog. 1: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7183 2: https://www.netsparker.com/xss-vulnerabilities-in-litecart/ - -- Henri Salo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJWTLpcAAoJECet96ROqnV0p+EQAJGyeaHWzAv5kpox5JUscYh1 2lNp6oAfpVRFlE51dp2N8n36MeeLlRvaPQHBGymcm3glYdBOjK8SfW29/FzeVuJt V0iI4XfrWQ/cQqh8bvUWqYH/HzLyH6vpQEATirHNxjGuVcNqpVhFGTAmDoJRDak1 9qwBzX5cPKlLrqAjfGIO73vfnu1yyPE3XIY4Ljw3ZZuisrL/p+MlJp6NeaLarIY6 BODzT566R2Rb6GZtSfSfToMxwR15FODts3x53A49rkHpGOYkRjriOe4y4BI2zf2G v3fm7HZcRuEyxv4wYv3IFiRT2fkX4kWOZMSyXOt9SeRCDseiXinK3uyMF1xWFtI9 3m4imjlWg28/a2gyfkrralIFke7W/E/tnV00RnVoAuTqa7AUNWL4EtsJEKfeEUSV tNhBS/wggt5EpBFfgDSWiZoBG1FwJ997n8AiKoQvUYNopgVboqVjWfvRmFY/RSuN OrMqaaH2YMOxOXfttFTRC16DHKB2L/jbogc63uVENd8bBHnV/q3Am2Gu2zSwe3uN auo0jDoaGfhrWMkehffShQAIsmq6dM6jaJwsWESsLGaG8/tBJXjxnYN0h9ArbR4O pToMgQYdA6f24bzft56BtG+Sgc7EAfjbKNfEu+kDgPtoIFG1LghJ2cwzYR1az3n8 60Q34C0U+SIMqo87tl01 =G6+F -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- LiteCart 1.3.2: Multiple XSS Curesec Research Team (CRT) (Nov 14)
- Re: LiteCart 1.3.2: Multiple XSS Henri Salo (Nov 19)
- Re: LiteCart 1.3.2: Multiple XSS Curesec Research Team (CRT) (Nov 24)
- Re: LiteCart 1.3.2: Multiple XSS Henri Salo (Nov 19)