CVE-2012-6430

Opensolution Quick Cart - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140.

Exploits (1)

exploitdb WORKING POC VERIFIED

by High-Tech Bridge · textwebappsphp

https://www.exploit-db.com/exploits/38207

View Code ZIP pw:eip

References (8)

[Exploit] http://archives.neohapsis.com/archives/bugtraq/2013-01/0035.html

[Exploit] http://packetstormsecurity.com/files/119422/Quick.Cms-5.0-Quick.Cart-6.0-Cross-Site-Scripting.html

[Vendor Advisory] http://secunia.com/advisories/51769

[Vendor Advisory] http://secunia.com/advisories/51813

[Exploit] https://www.htbridge.com/advisory/HTB23135

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/81169

[Third Party Advisory, VDB Entry] http://osvdb.org/89119

[Third Party Advisory, VDB Entry] http://osvdb.org/89120

Scores

EPSS 0.1093

EPSS Percentile 93.3%

Details

CWE

CWE-79

Status published

Products (4)

opensolution/quick_cart

opensolution/quick_cms

n/a/n/a

opensolution/quick.cart

Published Mar 24, 2014

Tracked Since Feb 18, 2026