CIA RESEARCH
Alerts
[CIA-1063-Alert] Cube Cart 3.0.11 Cross-Site Scripting
Summary:
Cube Cart version 3.0.11 is affected by multiple vulnerabilities. Sites using vulnerable versions of Cube Cart for e-Commerce should upgrade to a fixed version.
Technical Details:
Cube Cart 3.0.11 and prior versions are vulnerable to Cross-Site Scripting (XSS) and SQL Injection attacks in multiple places. Affected Cube Cart versions allow a remote attacker to conduct Cross-Site Scripting and SQL Injection attacks, and compromise the security of the web application.
Solution:
Acquire an updated version of your e-Commerce shopping cart software from the vendor.
CVE Reference:
CVE-2006-4268
SecurityTracker Number(s):
1016708
Vendor URL:
CubeCart
About the Cenzic CIA Team:
Cenzic Intelligent Analysis (CIA) is Cenzic's research arm that focuses on continuous research for application vulnerabilities. Industry Research, Vulnerability assessment, penetration testing, and security testing - that's what Cenzic Intelligent Analysis Research is all about. Cenzic has dedicated experts whose sole job is to perform ongoing research to find not only common vulnerabilities but also vulnerabilities found in customer applications and make them available to our customers and to the community at large.
About Cenzic:
Cenzic provides Hailstorm® the revolutionary enterprise software suite for automated application security assessment and compliance that allows corporations and government organizations to dramatically improve the security of commercial and custom applications. Hailstorm enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities, and verify compliance with security policies. Benefits include reduced security risk and liability, lower development and testing costs, and faster time-to-market. Cenzic's customers are currently in the financial services and e-marketplaces sectors. For more information visit www.cenzic.com or call 1-866-4-CENZIC
|
