Info

Last Modified

9 months ago

Percent Complete

25%

Disclosure

Dec 30, 2007

Discovery

Unknown

Dates

Exploit

Dec 30, 2007

Solution

Unknown

This Entry needs help! It is only 25% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Description

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, and possibly other versions before 1.1.0, allow remote attackers to inject arbitrary web script or HTML via (1) the return parameter to user/remindPassword, (2) the q parameter to the category script, (3) the return parameter to the order script, or (4) the email parameter to user/remindComplete.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Available
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Products

Unknown or Incomplete

References

Related OSVDB ID: 39757 39758
CVE ID: 2007-6646 (see also: NVD)
Bugtraq ID: 27087
Secunia Advisory ID: 28017
ISS X-Force ID: 39305
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-12/0352.html
http://archives.neohapsis.com/archives/bugtraq/2008-02/0003.html
Other Advisory URL: http://www.hackerscenter.com/Archive/view.asp?id=28144

Manual Testing Notes

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

2008/01/04 18:45:22 | CVE-2007-6646 (LiveCart)

from: Badware Watch

Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the return parameter to user/remindPassword, (2) the q parameter to the category script, (3) the return parameter to the order script, or (4) the email parameter to user/remindComplete.

Views This Week

Views All Time