ID CVE-2005-1440
Summary Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and forum_thread.php, (3) the page parameter to page.php, (4) category_id and item_id parameters to reviews.php, (5) the category_id parameter to product_details.php, (6) the category_id or search_string parameters to products.php, or (7) the rp or page parameters to news_view.php.
References
Vulnerable Configurations
  • cpe:2.3:a:codetosell:viart_shop_enterprise:2.1.6:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 05-09-2008 - 20:49)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 13462
misc http://lostmon.blogspot.com/2005/04/viart-shop-enterprise-multiple.html
osvdb
  • 15951
  • 15952
  • 15953
  • 15954
  • 15955
  • 15956
  • 15957
  • 15958
sectrack 1013853
secunia 15181
Last major update 05-09-2008 - 20:49
Published 03-05-2005 - 04:00
Last modified 05-09-2008 - 20:49