Admin CP 404 Error XSS Vulnerability if "admin.php" path is known #2128

Closed
abrookbanks opened this Issue Aug 7, 2018 · 0 comments

abrookbanks commented Aug 7, 2018

Discovered by Zekvan from Netsparker.

A Cross-site Scripting vulnerability is present in recent versions of CubeCart version 6 from 6.2.1 and below, potentially delivering a malicious script to the merchant's browser.

This vulnerability is only of concern if the admin URL is somehow disclosed to the attacker.

@abrookbanks abrookbanks added the security label Aug 7, 2018

@abrookbanks abrookbanks added this to the 6.2.2 milestone Aug 7, 2018

@abrookbanks abrookbanks self-assigned this Aug 7, 2018

@abrookbanks abrookbanks closed this Aug 7, 2018
