CVE-2005-1486
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.2 Medium
AI Score
Confidence
High
0.017 Low
EPSS
Percentile
87.7%
Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the vendor was not able to reproduce some of the reported vectors but believes that they have been addressed. The original researcher is known to be unreliable.
Affected configurations
References
marc.info/?l=bugtraq&m=111530799109755&w=2
secunia.com/advisories/15232/
www.digitalparadox.org/advisories/fishc.txt
www.fishcart.org/archives/200505/msg00028.html
www.osvdb.org/16280
www.osvdb.org/16281
www.securityfocus.com/archive/1/457754/100/200/threaded
www.securityfocus.com/bid/13499
exchange.xforce.ibmcloud.com/vulnerabilities/20384
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.2 Medium
AI Score
Confidence
High
0.017 Low
EPSS
Percentile
87.7%