CubeCart 4.x.x Cross-Site Scripting Vulnerabilities

Two vulnerabilities has been discoverd in CubeCart 4.xx by Russ McRee that can be use by hackers to exploit website by cross-site scripting attacks. The search input string is not properly sanitised before passed to script for execution. This behaviour can be used by attacker to execute malicious script code…continue reading →