CVE-2008-7108

Phpcart - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart 3.4 through 4.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) quantity or (2) Add Engraving fields to the default URI; (3) Quantity field to phpcart.php; (4) Name, (5) Company, (6) Address, (7) City, and (8) Province/State fields in a checkout action to phpcart.php; and other unspecified vectors.

References (3)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/44760

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/495806/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/30884

Scores

EPSS 0.0025

EPSS Percentile 48.5%

Classification

CWE

CWE-79

Status published

Affected Products (2)

phpcart/phpcart

n/a/n/a

Timeline

Published Aug 28, 2009

Tracked Since Feb 18, 2026