VirtueMart Multiple Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID:
SA24399

VERIFY ADVISORY:
http://secunia.com/advisories/24399/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
>From remote

SOFTWARE:
VirtueMart 1.x
http://secunia.com/product/11832/

DESCRIPTION:
Some vulnerabilities have been reported in VirtueMart, which can be
exploited by malicious people to conduct cross-site scripting
attacks.

Input passed to unspecified parameters within ps_cart.php and
virtuemart_parser.php is not properly sanitised before being returned
to the user. This can be exploited to execute arbitrary HTML and
script code in a user's browser session in context of an affected
site.

The vulnerabilities are reported in versions prior to 1.0.10.

SOLUTION:
Update to version 1.0.10.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sourceforge.net/project/shownotes.php?release_id=490831