CVE-2007-6646

LiveCart <1.1.0 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, and possibly other versions before 1.1.0, allow remote attackers to inject arbitrary web script or HTML via (1) the return parameter to user/remindPassword, (2) the q parameter to the category script, (3) the return parameter to the order script, or (4) the email parameter to user/remindComplete.

Exploits (4)

exploitdb WRITEUP VERIFIED

by Doz · textwebappsphp

https://www.exploit-db.com/exploits/30965

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Doz · textwebappsphp

https://www.exploit-db.com/exploits/30964

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Doz · textwebappsphp

https://www.exploit-db.com/exploits/30967

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Doz · textwebappsphp

https://www.exploit-db.com/exploits/30966

View Code ZIP pw:eip

References (12)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2008-02/0003.html

[Various Sources] http://livecart.com/news/Major-update-LiveCart-1-1-0.8

[Vendor Advisory] http://secunia.com/advisories/28017

[Exploit] http://www.hackerscenter.com/archive/view.asp?id=28144

[Exploit] http://www.securityfocus.com/bid/27087

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39305

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/485654/100/0/threaded

[Third Party Advisory, VDB Entry] http://osvdb.org/39758

[Third Party Advisory, VDB Entry] http://osvdb.org/39757

[Third Party Advisory, VDB Entry] http://osvdb.org/39756

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019151

[Third Party Advisory] http://securityreason.com/securityalert/3512

Scores

EPSS 0.0145

EPSS Percentile 80.6%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

integry_systems/livecart

Timeline

Published Jan 04, 2008

Tracked Since Feb 18, 2026