1. CVE-Search
  2. CVE-2005-1162
ID CVE-2005-1162
Summary Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp.
References
Vulnerable Configurations
  • cpe:2.3:a:oneworldstore:oneworldstore:*:*:*:*:*:*:*:*
    cpe:2.3:a:oneworldstore:oneworldstore:*:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
refmap via4
bid
  • 13184
  • 13185
  • 13186
bugtraq 20050414 Multiple multiple sql injection/errors and xss vulnerabilities in OneWorldStore
confirm http://www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab
osvdb
  • 15521
  • 15522
  • 15523
sectrack 1013720
secunia 14969
xf oneworldstore-xss(20096)
Last major update 14-02-2024 - 01:17
Published 02-05-2005 - 04:00
Last modified 14-02-2024 - 01:17
Back to Top