HIO-2010-0207 DFD Cart Multiple Vulnerabilities
DFD Cart versions 1.197, 1.198 and earlier contain multiple flaws that allow cross-site scripting and cross-site request forgery.
1) XSS: Input passed to the "category" parameter in your.order.php and to the "category" and "list_quantity" parameters in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.
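
The unsanitised reflection described in item 1, shown beside a hardened form, as an added example that is not DFD Cart's code or part of the advisory. The function names, the surrounding markup and the assumption that "list_quantity" is a numeric page size are hypothetical.

```php
<?php
// Added example: hypothetical handlers, not DFD Cart source code.

// Pattern described by the advisory: the request value is written
// into the HTML response without any encoding.
function render_category_unsafe(array $query): string
{
    $category = $query['category'] ?? '';
    return '<h2>Category: ' . $category . '</h2>';
}

// Hardened: encode for the HTML context at the point of output.
function render_category_safe(array $query): string
{
    $category = $query['category'] ?? '';
    if (!is_string($category)) {
        // A request such as category[]=x arrives as an array; reject it.
        $category = '';
    }
    $encoded = htmlspecialchars($category, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>Category: ' . $encoded . '</h2>';
}

// Hardened: list_quantity is assumed to be a page-size number, so accept
// only an integer in a fixed range and fall back to a default otherwise.
function parse_list_quantity(array $query, int $default = 10): int
{
    $value = filter_var(
        $query['list_quantity'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]
    );
    return $value === false ? $default : $value;
}

// Constructed sample request, shaped the way PHP populates $_GET.
$sample = ['category' => '"><b>x</b>', 'list_quantity' => '5<i>'];

// Unsafe rendering: the markup characters reach the page unchanged.
echo render_category_unsafe($sample), PHP_EOL;
// Safe rendering: the same characters are emitted as HTML entities.
echo render_category_safe($sample), PHP_EOL;
// Non-integer input is discarded in favour of the default.
echo '<input name="list_quantity" value="', parse_list_quantity($sample), '">', PHP_EOL;
```

Encoding belongs at each output site, because the same value needs different escaping in an HTML body, an attribute, a URL or a script block.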