Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cart32 | Mcmurtrey_whitaker_and_associates | 2.5a (including) | 2.5a (including) |
Cart32 | Mcmurtrey_whitaker_and_associates | 2.6 (including) | 2.6 (including) |
Cart32 | Mcmurtrey_whitaker_and_associates | 3.0 (including) | 3.0 (including) |
Cart32 | Mcmurtrey_whitaker_and_associates | 3.1 (including) | 3.1 (including) |
Cart32 | Mcmurtrey_whitaker_and_associates | 3.5 (including) | 3.5 (including) |
Cart32 | Mcmurtrey_whitaker_and_associates | 3.5_build619 (including) | 3.5_build619 (including) |
Cart32 | Mcmurtrey_whitaker_and_associates | 3.5a (including) | 3.5a (including) |
Cart32 | Mcmurtrey_whitaker_and_associates | 3.5a_build710 (including) | 3.5a_build710 (including) |
Cart32 | Mcmurtrey_whitaker_and_associates | 4.4 (including) | 4.4 (including) |
Cart32 | Mcmurtrey_whitaker_and_associates | 5.0 (including) | 5.0 (including) |