CVE-2005-1292

2005-04-2604:00:00

mitre

www.cve.org

AI Score

5.8

Confidence

High

EPSS

0.005

Percentile

76.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6) error.asp, or (7) sku or (8) name parameter to searchResults.asp.

References

marc.info/?l=bugtraq&m=111428393022389&w=2

secunia.com/advisories/15055

securitytracker.com/id?1013792

www.osvdb.org/15775

www.osvdb.org/15776

www.osvdb.org/15777

www.osvdb.org/15778

www.osvdb.org/15780

exchange.xforce.ibmcloud.com/vulnerabilities/20249