CVE-2005-1292

Medium

4.3/10

Summary

Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6) error.asp, or (7) sku or (8) name parameter to searchResults.asp.

Access Complexity: MEDIUM
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: NONE
Availability Impact: NONE

References

Advisory Timeline

Published May 02, 2005

CVE-2005-1292

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS