
CVE-2004-2411

Published: 31/12/2004 Updated: 11/07/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 up to and including 5.0 does not sufficiently cleanse inputs, which allows remote malicious users to conduct cross-site scripting (XSS) attacks that do not use <script> tags, as demonstrated via JavaScript in IMG tags to (1) the cat parameter in shopdisplayproducts.asp or (2) the msg parameter in shoperror.asp, and possibly other vectors.

Vulnerable Product

virtual programming vp-asp 4.0

virtual programming vp-asp 4.50

virtual programming vp-asp 5.0

Exploits

source: www.securityfocus.com/bid/10534/info

A vulnerability exists in the software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of user-supplied data in the 'shoperror.asp' script. An attacker can exploit this issue to steal cookie authentication credentia ...