Description
Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart 1.0.1 and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the shopping_url parameter.
Exploits (1)
References (4)
Core 4
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51699
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72768
Exploit x_refsource_misc
http://st2tea.blogspot.com/2012/01/xclick-cart-cross-site-scripting.html
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/files/view/109126/xclickcart-xss.txt
Scores
EPSS
0.0418
EPSS Percentile
88.8%
Details
CWE
CWE-79
Status
published
Products (2)
eliteweaver/xclick_cart
1.0.1
eliteweaver/xclick_cart
1.0.2
Published
Oct 01, 2012
Tracked Since
Feb 18, 2026