CVE-2005-1823 - Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers

CVE-2005-1823

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php.

References

Vulnerable Configurations

cpe:2.3:a:qualiteam:x-cart:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:qualiteam:x-cart:4.0.8:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	13817
bugtraq	20050530 Multiple vulnerabilities in x-cart Gold
sectrack	1014077
secunia	15555
xf	xcart-multiple-scripts-xss(20774)

Last major update

11-07-2017 - 01:32

Published

01-06-2005 - 04:00

Last modified

11-07-2017 - 01:32