1. CVE-Search
  2. CVE-2005-1403
ID CVE-2005-1403
Summary Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie.
References
Vulnerable Configurations
  • cpe:2.3:a:just_williams:amazon_webstore:04050100:*:*:*:*:*:*:*
    cpe:2.3:a:just_williams:amazon_webstore:04050100:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 05-09-2008 - 20:49)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid
  • 13419
  • 13425
  • 13426
  • 13427
misc http://lostmon.blogspot.com/2005/04/amazon-webstore-script-injection-and.html
osvdb
  • 15892
  • 15893
  • 15894
sectrack 1013836
secunia 15155
Last major update 05-09-2008 - 20:49
Published 03-05-2005 - 04:00
Last modified 05-09-2008 - 20:49
Back to Top