CVE-2010-4631 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp USERNAME parameter to (2) gateway.asp and (3) cart.asp and the specific parameter to (4) quote.asp and (5) buyitnow.

Reference

http://advisories.ariko-security.com/november/audyt_bezpieczenstwa_745.html http://marc.info/?l=full-disclosure&m=128913521908405&w=2 http://packetstormsecurity.org/1011-exploits/aspilotpilotcart-sqlxssinject.txt http://secunia.com/advisories/30176 http://www.exploit-db.com/exploits/15448 http://www.securityfocus.com/bid/44698 https://exchange.xforce.ibmcloud.com/vulnerabilities/63053