CVE-2012-5225

xClick Cart <1.0.2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart 1.0.1 and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the shopping_url parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by sonyy · textwebappsphp

https://www.exploit-db.com/exploits/36632

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] http://packetstormsecurity.org/files/view/109126/xclickcart-xss.txt

[Exploit] http://st2tea.blogspot.com/2012/01/xclick-cart-cross-site-scripting.html

[Exploit] http://www.securityfocus.com/bid/51699

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/72768

Scores

EPSS 0.0418

EPSS Percentile 88.6%

Classification

CWE

CWE-79

Status published

Affected Products (3)

eliteweaver/xclick_cart

n/a/n/a

Timeline

Published Oct 01, 2012

Tracked Since Feb 18, 2026