Lucene search

K
nvd[email protected]NVD:CVE-2005-3152
HistoryOct 05, 2005 - 10:02 p.m.

CVE-2005-3152

2005-10-0522:02:00
web.nvd.nist.gov
2

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.009

Percentile

82.8%

Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1.

Affected configurations

Nvd
Node
devellioncubecartMatch3.0.3
OR
devellioncubecartMatch3.0.7-pl1
VendorProductVersionCPE
devellioncubecart3.0.3cpe:2.3:a:devellion:cubecart:3.0.3:*:*:*:*:*:*:*
devellioncubecart3.0.7-pl1cpe:2.3:a:devellion:cubecart:3.0.7-pl1:*:*:*:*:*:*:*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.009

Percentile

82.8%