CVE-2010-1541

DFD Cart <1.198-1.197 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, 1.197, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category and (2) list_quantity parameters to index.php, and the (3) category parameter to your.order.php.

References (5)

[Various Sources] http://holisticinfosec.org/content/view/135/45/

[Vendor Advisory] http://secunia.com/advisories/38635

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/38505

[Third Party Advisory, VDB Entry] http://osvdb.org/62671

[Third Party Advisory, VDB Entry] http://osvdb.org/62672

Scores

EPSS 0.0033

EPSS Percentile 55.5%

Classification

CWE

CWE-79

Status published

Affected Products (13)

dragonfrugal/dfd_cart < 1.198

dragonfrugal/dfd_cart

dragonfrugal/dfd_cart

dragonfrugal/dfd_cart

dragonfrugal/dfd_cart

dragonfrugal/dfd_cart

dragonfrugal/dfd_cart

dragonfrugal/dfd_cart

dragonfrugal/dfd_cart

dragonfrugal/dfd_cart

dragonfrugal/dfd_cart

dragonfrugal/dfd_cart

n/a/n/a

Timeline

Published Apr 26, 2010

Tracked Since Feb 18, 2026