CVE-2005-1292

Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6) error.asp, or (7) sku or (8) name parameter to searchResults.asp.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/15055
http://securitytracker.com/id?1013792	Exploit
http://www.osvdb.org/15775
http://www.osvdb.org/15776
http://www.osvdb.org/15777
http://www.osvdb.org/15778
http://www.osvdb.org/15780
http://marc.info/?l=bugtraq&m=111428393022389&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/20249

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:elemental_software:cartwiz:*:*:*:*:*:*:*:*

Information

Published : 2005-05-01 21:00

Updated : 2017-07-10 18:32

NVD link : CVE-2005-1292

Mitre link : CVE-2005-1292

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

elemental_software

cartwiz

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/advisories/15055", "name": "15055", "tags": [], "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1013792", "name": "1013792", "tags": ["Exploit"], "refsource": "SECTRACK"}, {"url": "http://www.osvdb.org/15775", "name": "15775", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/15776", "name": "15776", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/15777", "name": "15777", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/15778", "name": "15778", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/15780", "name": "15780", "tags": [], "refsource": "OSVDB"}, {"url": "http://marc.info/?l=bugtraq&m=111428393022389&w=2", "name": "20050423 Multiple Sql injection and XSS in CartWIZ ASP Cart", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20249", "name": "cartwiz-multiple-script-xss(20249)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6) error.asp, or (7) sku or (8) name parameter to searchResults.asp."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-1292", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-05-02T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:elemental_software:cartwiz:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:32Z"}