Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
devellion cubecart 3.0.15 |
Vulmon