Information Security


Additional information

  Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)

  DDIVRT-2010-30 Alcatel-Lucent OmniVista 4760 NMS 'lang' Directory Traversal Vulnerability [ CVE-2011-0345 ]

  [SECURITY] [DSA 2177-1] pywebdav security update

  [SECURITY] [DSA 2179-1] dtc security update

  iDefense Security Advisory 03.01.11: Alcatel-Lucent OmniPCX Enterprise CS CGI Cookie Buffer Overflow Vulnerability

From: Antonio San Martino <antonio_s_martino_(at)_yahoo.es>
Date: March 3, 2011
Subject: Prestashop Cartium 1.3.3 Multiple Cross Site Scripting (XSS)

Hello,
In Prestashop Cartium 1.3.3 I have detected multiple Cross Site Scripting (XSS)
vulnerabilities:

File            Field
category.php    id_category
product.php     id_product
search.php      search_query

Test pattern for vulnerable versions:  

"></script>alert(1)</script>

Kind Regards
Antonio San Martino
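
For defenders triaging this report, the following added example (not part of the original post and not Prestashop code) scans web server access logs for requests to the three listed scripts whose reported parameter carries markup characters or, for the two ID fields, a non-numeric value. It assumes combined-format access logs, that the first script is category.php, and that the parameters arrive in the query string; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> parameter pairs from the report (first script assumed to be category.php).
REPORTED = {
    "category.php": "id_category",
    "product.php": "id_product",
    "search.php": "search_query",
}
NUMERIC = {"id_category", "id_product"}  # ID fields should contain digits only
MARKUP = re.compile(r'[<>"]')            # characters that can break out of a tag or attribute
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_line(line):
    """Return (script, parameter, decoded value) for a suspicious request, else None."""
    match = REQUEST.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    script = url.path.rsplit("/", 1)[-1]
    param = REPORTED.get(script)
    if param is None:
        return None
    # parse_qs percent-decodes values, so encoded markup is caught as well.
    for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
        bad_id = param in NUMERIC and not (value.isascii() and value.isdigit())
        if bad_id or MARKUP.search(value):
            return (script, param, value)
    return None

def scan(lines):
    """Return the findings for every suspicious line, in log order."""
    return [hit for hit in map(check_line, lines) if hit]

# Constructed sample log lines, not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Mar/2011:10:00:01 +0000] "GET /product.php?id_product=12 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [03/Mar/2011:10:00:02 +0000] "GET /product.php?id_product=12%22%3E HTTP/1.1" 200 5130',
    '192.0.2.10 - - [03/Mar/2011:10:00:03 +0000] "GET /search.php?search_query=red+shoes HTTP/1.1" 200 4000',
    '192.0.2.11 - - [03/Mar/2011:10:00:04 +0000] "GET /search.php?search_query='
    '%22%3E%3C%2Fscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 4100',
    '192.0.2.12 - - [03/Mar/2011:10:00:05 +0000] "GET /category.php?id_category=3&n=10 HTTP/1.1" 200 900',
    '192.0.2.12 - - [03/Mar/2011:10:00:06 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body do not appear in access logs, so this check covers query-string requests only.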


© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod