Lucene search

K
cveMitreCVE-2005-3152
HistoryOct 05, 2005 - 10:02 p.m.

CVE-2005-3152

2005-10-0522:02:00
mitre
web.nvd.nist.gov
29
cve
2005
3152
cross-site scripting
xss
cubecart
vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.009

Percentile

82.8%

Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1.

Affected configurations

Nvd
Node
devellioncubecartMatch3.0.3
OR
devellioncubecartMatch3.0.7-pl1
VendorProductVersionCPE
devellioncubecart3.0.3cpe:2.3:a:devellion:cubecart:3.0.3:*:*:*:*:*:*:*
devellioncubecart3.0.7-pl1cpe:2.3:a:devellion:cubecart:3.0.7-pl1:*:*:*:*:*:*:*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.009

Percentile

82.8%