Description
Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in Comersus 3.90 to 4.51 allows remote attackers to inject arbitrary web script or HTML via the curPage parameter.
Product(s):
- Comersus Open Technologies Comersus Cart 3.90
- Comersus Open Technologies Comersus Cart 4.00
- Comersus Open Technologies Comersus Cart 4.051
- Comersus Open Technologies Comersus Cart 4.14
- Comersus Open Technologies Comersus Cart 4.20b
- Comersus Open Technologies Comersus Cart 4.23
- Comersus Open Technologies Comersus Cart 4.27
- Comersus Open Technologies Comersus Cart 4.28
- Comersus Open Technologies Comersus Cart 4.29
- Comersus Open Technologies Comersus Cart 4.36
- Comersus Open Technologies Comersus Cart 4.47
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-1188, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-1188 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.