2 matches found
CVE-2004-2411
The CVE-2004-2411 entry concerns VP-ASP Shopping Cart versions 4.0–5.0 where the CleanseMessage function in shop$db.asp does not adequately sanitize inputs. This permits remote XSS attacks that do not rely on traditional [removed] tags, demonstrated via javascript in IMG tags affecting the cat pa...
CVE-2004-2411
The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not sufficiently cleanse inputs, which allows remote attackers to conduct cross-site scripting XSS attacks that do not use tags, as demonstrated via javascript in IMG tags to 1 the cat parameter in...