Published: 03/05/2005 Updated: 05/09/2008

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 710

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote malicious users to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and forum_thread.php, (3) the page parameter to page.php, (4) category_id and item_id parameters to reviews.php, (5) the category_id parameter to product_details.php, (6) the category_id or search_string parameters to products.php, or (7) the rp or page parameters to news_view.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
codetosell viart shop enterprise 2.1.6

source: wwwsecurityfocuscom/bid/13462/info ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content Attacker-supplied HTML and script code would be ab ...

source: wwwsecurityfocuscom/bid/13462/info ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content Attacker-supplied HTML and script code would be able t ...

source: wwwsecurityfocuscom/bid/13462/info ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content Attacker-supplied HTML and script code would be able ...

source: wwwsecurityfocuscom/bid/13462/info ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content Attacker-supplied HTML and script code would be able to ac ...

source: wwwsecurityfocuscom/bid/13462/info ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content Attacker-supplied HTML and script code would be able to acce ...

source: wwwsecurityfocuscom/bid/13462/info ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content Attacker-supplied HTML and script code would be able to ...

NVD-CWE-Other http://lostmon.blogspot.com/2005/04/viart-shop-enterprise-multiple.html http://www.securityfocus.com/bid/13462 http://www.osvdb.org/15951 http://www.osvdb.org/15952 http://www.osvdb.org/15953 http://www.osvdb.org/15954 http://www.osvdb.org/15955 http://www.osvdb.org/15956 http://www.osvdb.org/15957 http://www.osvdb.org/15958 http://securitytracker.com/id?1013853 http://secunia.com/advisories/15181 https://nvd.nist.gov https://www.exploit-db.com/exploits/25580/

CVE-2005-1440

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect