CaupoShop User Information Cross-Agent Scripting Vulnerability

CaupoShop is a web based shopping cart system. CaupoShop is implemented in PHP, and may be found on Linux, Windows or other Unix based systems.

A cross-agent scripting vulnerability has been reported in some versions of CaupoShop. When a user is created, JavaScript code may be included in most of the fields associated with that user. If an administrator then views the maliciously created user, the script will be displayed and interpreted in the context of the CaupoShop administration page.

This vulnerability may also exist in earlier versions of CaupoShop, or in CaupoShopPro. This has not been confirmed.


Privacy Statement
Copyright 2010, SecurityFocus