asaanCart Multiple Input Validation Vulnerabilities

asaanCart is prone to multiple input-validation vulnerabilities, including:

1. Multiple HTML-injection vulnerabilities
2. A local file-include vulnerability
3. A cross-site scripting vulnerability

Exploiting these issues could allow an attacker to execute arbitrary script code in the browser, steal cookie-based authentication credentials, control how the site is rendered to the user, view files, and execute local scripts.

asaanCart 0.9 is vulnerable; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus