Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 up to and including 2.0.5, as used in multiple PHP files, allows remote malicious users to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
devellion cubecart 2.0.3 |
||
devellion cubecart 2.0.1 |
||
devellion cubecart 2.0.2 |
||
devellion cubecart 2.0.0 |
||
devellion cubecart 2.0.5 |
Vulmon