CVE-2005-4292

2005-12-1611:00:00

mitre

www.cve.org

5.9 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.5%

JSON

Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keywords parameter in the Quick Find feature.

References

pridels0.blogspot.com/2005/12/commercesql-xss-vuln.html

secunia.com/advisories/17932

www.osvdb.org/21717

www.securityfocus.com/bid/15888

www.vupen.com/english/advisories/2005/2920