CVE-2012-5330

asaanCart 0.9 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to calc.php, (2) chat.php, (3) register.php, or (4) index.php in libs/smarty_ajax/; or the (5) page parameter to libs/smarty_ajax/index.php.

Exploits (1)

exploitdb WRITEUP

by Number 7 · textwebappsphp

https://www.exploit-db.com/exploits/18599

View Code ZIP pw:eip

References (4)

[Exploit] http://www.exploit-db.com/exploits/18599

[Exploit] http://www.securityfocus.com/bid/52498

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/74063

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/74064

Scores

EPSS 0.0064

EPSS Percentile 70.3%

Classification

CWE

CWE-79

Status published

Affected Products (2)

nasir_khan/asaancart

n/a/n/a

Timeline

Published Oct 08, 2012

Tracked Since Feb 18, 2026