Cross-site scripting (XSS) vulnerability in templates/defaultheader.php in Lamp Design Storesprite before 7 - 19-06-14, when using the currency selection dropdown, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to brand.php, related to the currencyUrl function.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-07-02T20:00:00

Updated: 2024-08-06T10:50:17.983Z

Reserved: 2014-05-14T00:00:00

Link: CVE-2014-3737

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-07-02T20:55:05.767

Modified: 2024-11-21T02:08:44.910

Link: CVE-2014-3737

cve-icon Redhat

No data.