CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2010-4631

Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.065

EPSS Ranking 90.7%

CVSS Severity

CVSS v2 Score 4.3

References

http://advisories.ariko-security.com/november/audyt_bezpieczenstwa_745.html
http://marc.info/?l=full-disclosure&m=128913521908405&w=2
http://packetstormsecurity.org/1011-exploits/aspilotpilotcart-sqlxssinject.txt
http://secunia.com/advisories/30176
http://www.exploit-db.com/exploits/15448
http://www.securityfocus.com/bid/44698
https://exchange.xforce.ibmcloud.com/vulnerabilities/63053
http://advisories.ariko-security.com/november/audyt_bezpieczenstwa_745.html
http://marc.info/?l=full-disclosure&m=128913521908405&w=2
http://packetstormsecurity.org/1011-exploits/aspilotpilotcart-sqlxssinject.txt
http://secunia.com/advisories/30176
http://www.exploit-db.com/exploits/15448
http://www.securityfocus.com/bid/44698
https://exchange.xforce.ibmcloud.com/vulnerabilities/63053

Products affected by CVE-2010-4631

Pilotcart » Pilot Cart » Version: 7.3

cpe:2.3:a:pilotcart:pilot_cart:7.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-4631

Products

Pricing

Contact Us