CubeCart Cross-Site Scripting Vulnerabilities - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

CubeCart Cross-Site Scripting Vulnerabilities

Secunia Advisory:	SA22175
Release Date:	2006-09-28
Last Update:	2006-10-03

Critical:	Less critical
Impact:	Cross Site Scripting
Where:	From remote
Solution Status:	Unpatched

Software:	CubeCart 2.x

CVE reference:	CVE-2006-5107 (Secunia mirror) CVE-2006-5108 (Secunia mirror) CVE-2006-5109 (Secunia mirror)

	This advisory is currently marked as unpatched! - Companies can be alerted when a patch is released!

Description: HACKERS PAL has discovered some vulnerabilities in CubeCart, which can be exploited by malicious people to conduct cross-site scripting attacks. Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Examples: http://[host]/admin/nav.php?site_url=[code] http://[host]/admin/nav.php?la_search_home=[code] http://[host]/admin/header.inc.php?site_name=[code] http://[host]/admin/header.inc.php?la_adm_header=[code] http://[host]/admin/header.inc.php?charset=[code] http://[host]/footer.inc.php?la_pow_by=[code] Successful exploitation requires that "register_globals" is enabled. The vulnerabilities have been confirmed in version 2.0.7. Other versions may also be affected. Solution: The 3.x branch is not affected by the vulnerabilities. Edit the source code to ensure that input is properly sanitised. Set "register_globals" to "Off". Provided and/or discovered by: HACKERS PAL Changelog: 2006-10-03: Added CVE references.



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

5 Related Secunia Security Advisories

1. CubeCart Cross-Site Scripting and File Upload Authentication Bypass

2. CubeCart "language" PHP Script Inclusion Vulnerability

3. CubeCart Cross-Site Scripting Vulnerabilities

4. CubeCart "language" Local File Inclusion Vulnerability

5. CubeCart "cat_id" SQL Injection Vulnerability

Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	phpJobScheduler "installed_conf ig_file" File Inclusion Vulnerabilities

2.	Sun Solaris Kernel Covert Channel Security Bypass

3.	HP TCP/IP Services for OpenVMS Finger Format String Vulnerability

4.	Novell eDirectory Multiple Vulnerabilities

5.	phpMyRealty "price_max" SQL Injection Vulnerability

6.	Acoustica Mixcraft ".mx4" File Processing Buffer Overflow

7.	dotProject SQL Injection and Cross-Site Scripting

8.	OpenOffice "rtl_allocateMe mory()" Truncation Vulnerability

9.	Slackware update for amarok

10.	Adium MSN SLP Message Integer Overflow Vulnerabilities