CVE-2005-1162
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
5.8 Medium
AI Score
Confidence
High
0.01 Low
EPSS
Percentile
83.7%
Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp.
Affected configurations
References
marc.info/?l=bugtraq&m=111352017704126&w=2
secunia.com/advisories/14969
securitytracker.com/id?1013720
www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab
www.osvdb.org/15521
www.osvdb.org/15522
www.osvdb.org/15523
www.securityfocus.com/bid/13184
www.securityfocus.com/bid/13185
www.securityfocus.com/bid/13186
exchange.xforce.ibmcloud.com/vulnerabilities/20096
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
5.8 Medium
AI Score
Confidence
High
0.01 Low
EPSS
Percentile
83.7%