ID CVE-2005-3152
Summary Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1.
References
Vulnerable Configurations
  • cpe:2.3:a:devellion:cubecart:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:devellion:cubecart:3.0.7-pl1:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 11-07-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 14962
confirm http://bugs.cubecart.com/?do=details&id=363
misc
sectrack 1014984
sreason 35
xf cubecart-index-script-xss(24177)
Last major update 11-07-2017 - 01:33
Published 05-10-2005 - 22:02
Last modified 11-07-2017 - 01:33