CVE-2009-4688

PHP Shopping Cart Selling Website Script - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Shopping Cart Selling Website Script allow remote attackers to inject arbitrary web script or HTML via the (1) txtkeywords and (2) cid parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by 599eme Man · textwebappsphp

https://www.exploit-db.com/exploits/34710

View Code ZIP pw:eip

References (3)

[Exploit] http://packetstormsecurity.org/0907-exploits/scsc-sqlxss.txt

[Vendor Advisory] http://secunia.com/advisories/35894

[Vendor Advisory] http://www.vupen.com/english/advisories/2009/1977

Scores

EPSS 0.0085

EPSS Percentile 74.7%

Classification

CWE

CWE-79

Status published

Affected Products (2)

resalecode/php_shopping_cart_selling_website_script

n/a/n/a

Timeline

Published Mar 10, 2010

Tracked Since Feb 18, 2026