Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) ampie.swf, (b) amline.swf, or (c) amcolumn.swf.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/405942 | US Government Resource |
Configurations
Configuration 1 (hide)
|
Information
Published : 2014-01-24 07:08
Updated : 2014-02-24 18:14
NVD link : CVE-2013-7317
Mitre link : CVE-2013-7317
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
cs-cart
- cs-cart