Comersus Cart is affected by a remote HTML injection vulnerability.
The problem presents itself when a malicious user enters HTML and script code through the Username field of the affected application. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Comersus Cart 6.03 is affected by this issue. Other versions may be vulnerable as well.
No exploit is required to leverage this issue.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.
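In the absence of a vendor fix, the usual application-side defenses for this class of issue are an allow-list on the Username field, HTML encoding wherever the stored value is written into a page, and an HttpOnly session cookie. The sketch below is an added example, not Comersus code (Comersus Cart is an ASP application; Python is used here only to show the logic); the function names, the username policy, and the sample inputs are assumptions constructed for illustration.

```python
import html
import re
from http.cookies import SimpleCookie

# Assumed policy (not from the advisory): 3-32 characters drawn from
# letters, digits, dot, underscore and hyphen.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{3,32}")


def validate_username(raw: str) -> bool:
    """Allow-list check applied when the username is submitted."""
    return USERNAME_RE.fullmatch(raw) is not None


def render_greeting(username: str) -> str:
    """Encode at output time, so values stored before the check existed
    are rendered as text rather than interpreted as markup."""
    return "<p>Welcome, " + html.escape(username, quote=True) + "</p>"


def session_cookie_header(session_id: str) -> str:
    """Build a Set-Cookie value that page script cannot read (HttpOnly),
    which limits what injected script can do with the session."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


# Constructed sample inputs: one ordinary name, two carrying markup.
SAMPLES = ["alice_01", "<b>bob</b>", "<script>alert(1)</script>"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(validate_username(sample), render_greeting(sample))
    print(session_cookie_header("constructed-session-id"))
```

Validation alone does not neutralize values already in the database, which is why the encoding step is applied on every render.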