# Ariko-Security: Security Audits, Audyt bezpieczeństwa
# Advisory: 15/2011

============ { Ariko-Security - Advisory #2/4/2011 } =============

LiveCart Shopping Cart multiple vulnerabilities

Vendor's description of software and demo:
# http://demo.livecart.com

Dork:
# N/a

Application Info:
# LiveCart 1.4.0

Vulnerability Info:
# Type: multiple XSS

Time Table:
# 31/01/2011 - Vendor notified

XSS:
# Input passed to the "_validator", "currency", "showAll", "theme", "returnPath", "q", "id" and "cathandle" parameters in index.php is not properly sanitised before being returned to the user.

Solution:
# Input validation of vulnerable parameters should be corrected.
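
Example (added here, not part of the original advisory and not LiveCart's code):
# PHP showing the correction for the parameters named above: allow-list validation on input plus HTML encoding on output. The accepted formats, the helper names validate_param() and h(), and the 200-byte limit are assumptions.

```php
<?php
// Added example, not LiveCart code. Parameter names are from the advisory;
// every accepted format below is an assumption about what the value carries.
const PARAM_RULES = [
    'currency'   => '/^[A-Z]{3}\z/',                 // assumed ISO 4217 code
    'showAll'    => '/^[01]\z/',                     // assumed on/off flag
    'theme'      => '/^[A-Za-z0-9_-]{1,32}\z/',      // assumed theme name
    'id'         => '/^[0-9]{1,10}\z/',              // assumed numeric id
    'cathandle'  => '/^[A-Za-z0-9._-]{1,64}\z/',     // assumed URL slug
    // assumed same-site path: one leading slash, no scheme, no "//host"
    'returnPath' => '#^/(?!/)[A-Za-z0-9/_.?=&%-]{0,255}\z#',
];
// Free text cannot be allow-listed; it is length-bounded and encoded on output.
const FREE_TEXT = ['q', '_validator'];

// Returns the value if it is acceptable for $name, otherwise null.
function validate_param(string $name, $value): ?string
{
    if (!is_string($value)) {          // rejects array input such as ?id[]=1
        return null;
    }
    $rule = PARAM_RULES[$name] ?? null;
    if ($rule !== null) {
        return preg_match($rule, $value) === 1 ? $value : null;
    }
    if (in_array($name, FREE_TEXT, true)) {
        return strlen($value) <= 200 ? $value : null;   // assumed limit
    }
    return null;                        // unknown parameter
}

// Encode for HTML text and quoted attribute contexts.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request values standing in for $_GET.
$request = ['currency' => 'USD', 'theme' => '"><b>x', 'q' => 'red <shoes>'];
foreach ($request as $name => $raw) {
    $clean = validate_param($name, $raw);
    echo $name, ': ', $clean === null ? '(rejected)' : h($clean), "\n";
}
```

# Validated values still go through h() at every point they are written into a page, since validation alone does not make free text such as "q" safe to echo.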

Credit:
# Discovered By: Ariko-Security 2011