Vulnerability Description
Cross-site scripting (XSS) vulnerability in templates/defaultheader.php in Lamp Design Storesprite before 7 - 19-06-14, when using the currency selection dropdown, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to brand.php, related to the currencyUrl function.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Storesprite | Storesprite | <= 7_24-04-13 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/127221/Storesprite-7-Cross-Site-Scripting.h
- http://secunia.com/advisories/59524
- http://www.securityfocus.com/archive/1/532552/100/0/threaded
- http://www.securityfocus.com/bid/68197
- http://www.storesprite.com/docs/26/htb23215_xss_vulnerability/Vendor Advisory
- https://www.htbridge.com/advisory/HTB23215
- http://packetstormsecurity.com/files/127221/Storesprite-7-Cross-Site-Scripting.h
- http://secunia.com/advisories/59524
- http://www.securityfocus.com/archive/1/532552/100/0/threaded
- http://www.securityfocus.com/bid/68197
- http://www.storesprite.com/docs/26/htb23215_xss_vulnerability/Vendor Advisory
- https://www.htbridge.com/advisory/HTB23215
FAQ
What is CVE-2014-3737?
CVE-2014-3737 is a vulnerability with a CVSS score of 2.6 (LOW). Cross-site scripting (XSS) vulnerability in templates/defaultheader.php in Lamp Design Storesprite before 7 - 19-06-14, when using the currency selection dropdown, allows remote attackers to inject ar...
How severe is CVE-2014-3737?
CVE-2014-3737 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3737?
Check the references section above for vendor advisories and patch information. Affected products include: Storesprite Storesprite.