XSS in Qualiteam X-cart
CVE-2012-2570
Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.017 (73.8th percentile) — read the EPSS interpretation.
Affected products
- Qualiteam X-cart — versions 4.5
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cret@cert.org (x_refsource_OSVDB, vdb-entry)
- cret@cert.org (vdb-entry, x_refsource_XF)
- cret@cert.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- cret@cert.org (Exploit, vdb-entry, x_refsource_BID)
- cret@cert.org (Exploit, exploit, x_refsource_EXPLOIT-DB)
Frequently asked questions
- What is CVE-2012-2570?
- CVE-2012-2570 is a vulnerability in Qualiteam X-cart, classified under Cross-site Scripting. Published 2012-08-15.
- Is CVE-2012-2570 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.