Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
DragDropCart 多个跨站脚本攻击漏洞
Vulnerability Description
DragDropCart 中存在多个跨站脚本攻击漏洞。远程攻击者能借助(1)assets/js/ddcart.php中的sid 参数,(2) includes/ajax/getstate.php中prefix参数,(3) index.php的search参数以及 (4) search.php的search参数注入任意的WEB脚本和HTML.
CVSS Information
N/A
Vulnerability Type
N/A