CubeCart Open URL Redirection

February 11, 2012 By

Information At A Glance
  • Source – Aung Khant, YGN Ethical Hacker Group, Myanmar.
  • Version/Dependency – 3.0.20 and earlier
  • Developer – cubecart.com
  • Severity – MEDIUM
Summary
CubeCart v3.0.20 and lower versions contain is vulnerable to a remote cross site redirection attack. The attacker could use a specially crafted URL, that if clicked, would redirect a victim from the intended legitimate web site to a site of the attacker’s choice.
Fix / Corrective Action(s)
Upgrade to CubeCart 4x/5.x, the 3.x family is no longer being maintained. Please visit: http://cubecart.com for more information on updates.
Miscellaneous

Disclaimer: Salvus Alerting provides timely industry related information to its subscriber community and visitors for informational purposes only and makes every effort to distribute accurate and reliable information. Any information provided, is considered “as-is” and the subscriber and/or visitor assumes all responsibility for its uses. Salvus Alerting disclaims all warranties with regard to the information being provided, including all implied warranties of merchantability and fitness. In no event shall Salvus Alerting be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other legal action, arising out of or in connection with the use or performance of this information being provided. Salvus Systems and Salvus Alerting is a wholly owned and operated by FactNgN, LLC. – as of 02/11/2012
Filed Under: cube cart, E-Comm., Latest SalvusAlerts Tagged With: ,