Lucene search
HistorySep 16, 2010 - 10:00 p.m.
CVE-2010-3421
cve-2010-3421
cross-site scripting
xss
affiliatelogin.asp
productcart 3
productcart 4.1 sp1
vulnerability
remote attackers
web script
html
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.9
Confidence
High
EPSS
0.007
Percentile
80.0%
Cross-site scripting (XSS) vulnerability in AffiliateLogin.asp in ProductCart 3, 4.1 SP1, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter, a different vector than CVE-2004-2174 and CVE-2005-0995. NOTE: some of these details are obtained from third party information.
Affected configurations
Node
productcartproductcartMatch3.0
ORproductcartproductcartMatch4.1
ORproductcartproductcartMatch4.1sp1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| productcart | productcart | 3.0 | cpe:/a:productcart:productcart:3.0::: |
| productcart | productcart | 4.1 | cpe:/a:productcart:productcart:4.1::: |
| productcart | productcart | 4.1 | cpe:/a:productcart:productcart:4.1:sp1:: |
Related
nvd
nvd
cvelist
cvelist
prion
prion
Cross site scripting
2010-09-16 22:00:00
cve
cve
CVE-2004-2174
2005-07-10 04:00:00
CVE-2005-0995
2005-05-02 04:00:00
nessus
nessus
ProductCart Multiple Input Validation Vulnerabilities
2005-04-06 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.9
Confidence
High
EPSS
0.007
Percentile
80.0%
Related for CVE-2010-3421