CVE-2010-1541 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198 1.197 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category and (2) list_quantity parameters to index.php and the (3) category parameter to your.order.php.

Reference

http://holisticinfosec.org/content/view/135/45/ http://osvdb.org/62671 http://osvdb.org/62672 http://secunia.com/advisories/38635 http://www.securityfocus.com/bid/38505