CVE-2008-6500

CodeToad ASP Shopping Cart Script - Cross-Site Scripting via Query String

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6500. PoCs published by Pouya_Server.

AI-analyzed exploit summary: This exploit demonstrates a reflected XSS vulnerability in CodeToad ASP Shopping Cart Script by injecting arbitrary JavaScript via unsanitized user input in the URL. The PoC uses a simple alert payload to confirm the vulnerability.

Description

Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Pouya_Server · text · webapps · asp
https://www.exploit-db.com/exploits/32611

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: CodeToad ASP Shopping Cart Script
No auth needed
Prerequisites: Victim must visit a crafted URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47003
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32568

Scores

EPSS 0.0144
EPSS Percentile 69.8%

Details

CWE: CWE-79
Status: published
Products (1): codetoad/asp_shopping_cart_script
Published: Mar 20, 2009
Tracked Since: Feb 18, 2026