CVE-2004-0305

CVE-2004-0305 describes a cross-site scripting (XSS) vulnerability in WebCortex WebStores 2000 version 6.0, specifically in error.asp. The underlying issue is the handling of the Message_id parameter, enabling remote attackers to execute arbitrary scripts in the context of other users’ sessions a...

CVE-2004-0304

The CVE maps to WebStores 2000 (WebCortex WebStores 2000 6.0). A SQL injection vulnerability in browse_items.asp (and related details via browse_item_details.asp) allows remote attackers to manipulate the backend database through the Search_Text parameter, potentially enabling unauthorized access...