• IDP Daily Update #1312
  posted: 11/18/08
  
• NSM Daily Update #1312
  posted: 11/18/08
  
• Deep Inspection 5.3r5 and above, 5.4, 6.0 #1312
  posted: 11/18/08
  
• Deep Inspection 5.1, 5.2, 5.3r4 and below #1300
  posted: 11/18/08
  
• Deep Inspection 5.0 #1132
  posted: 04/01/08
  
• Antivirus
  posted: 11/17/08

Text Size:        

• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: ProductCart MSG.ASP Cross-Site Scripting Vulnerability

Severity: MODERATE

Description:

ProductCart is an online e-commerce site that is implemented using ASP.

A cross-site scripting vulnerability has been reported for ProductCart. The vulnerability exists due to insufficient sanitization of some user-supplied values. Specifically, malicious HTML code is not sanitized from the 'message' URI paramter of the msg.asp script file.

An attacker could exploit this issue to execute arbitrary HTML code in the browser of a remote user who follows a malicious link. Code execution would occur in the context of the vulnerable site.

Exploitation could permit an attacker to steal cookie-based authentication credentials or launch other attacks.

Affected Products:

• EarlyImpact ProductCart 1.5.0
• EarlyImpact ProductCart 1.5002.0
• EarlyImpact ProductCart 1.5003.0
• EarlyImpact ProductCart 1.5003.0r
• EarlyImpact ProductCart 1.5004.0
• EarlyImpact ProductCart 1.6.0b
• EarlyImpact ProductCart 1.6.0b001
• EarlyImpact ProductCart 1.6.0b002
• EarlyImpact ProductCart 1.6.0b003
• EarlyImpact ProductCart 1.6.0br
• EarlyImpact ProductCart 1.6.0br001
• EarlyImpact ProductCart 1.6.0br003
• EarlyImpact ProductCart 1.6002.0
• EarlyImpact ProductCart 1.6003.0
• EarlyImpact ProductCart 2.0.0
• EarlyImpact ProductCart 2.0.0br000

References:

• EarlyImpact: ProductCart Homepage