6.3 Medium
AI Score
Confidence
High
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.036 Low
EPSS
Percentile
91.6%
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) subscriptions.htm, (5) send.htm, (6) request.htm, (7) forgot.htm, (8) escrow.htm, (9) donations.htm, and (10) products.htm.
CPE | Name | Operator | Version |
---|---|---|---|
alstrasoft:epay | alstrasoft epay | eq | 3.0 |
pridels0.blogspot.com/2005/12/alstrasoft-epay-enterprise-v30-xss.html
secunia.com/advisories/18153
www.osvdb.org/21883
www.osvdb.org/21884
www.osvdb.org/21885
www.osvdb.org/21886
www.osvdb.org/21887
www.osvdb.org/21888
www.osvdb.org/21889
www.osvdb.org/21890
www.osvdb.org/21891
www.osvdb.org/21892
www.securityfocus.com/bid/16055
www.vupen.com/english/advisories/2005/3074
exchange.xforce.ibmcloud.com/vulnerabilities/23852