CVE-2008-1458
CS-Cart 1.3.2 - Cross-Site Scripting via Search Query Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-1458. PoCs published by sasquatch.
AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in CS-Cart 1.3.2 by injecting malicious JavaScript via the 'q' parameter in a search query. The payload uses a CSS background URL to execute arbitrary script code in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a products search action. NOTE: it was also reported that 1.3.5-SP2 trial edition is also affected.
Exploits (1)
This exploit demonstrates a reflected XSS vulnerability in CS-Cart 1.3.2 by injecting malicious JavaScript via the 'q' parameter in a search query. The payload uses a CSS background URL to execute arbitrary script code in the context of the affected site.