Published: 11/05/2005 Updated: 19/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 510

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the vendor was not able to reproduce some of the reported vectors but believes that they have been addressed. The original researcher is known to be unreliable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fishnet fishcart 3.1

source: wwwsecurityfocuscom/bid/13499/info FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input A successful exploit of the SQL-injection issues could allow an attacker to compromise the application, access or modify data, or exploit v ...

source: wwwsecurityfocuscom/bid/13499/info FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input A successful exploit of the SQL-injection issues could allow an attacker to compromise the application, access or modify data, or exploit ...

CWE-79 http://www.digitalparadox.org/advisories/fishc.txt http://www.securityfocus.com/bid/13499 http://secunia.com/advisories/15232/http://www.osvdb.org/16280 http://www.osvdb.org/16281 http://www.fishcart.org/archives/200505/msg00028.html http://marc.info/?l=bugtraq&m=111530799109755&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/20384 http://www.securityfocus.com/archive/1/457754/100/200/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/25601/

CVE-2005-1486

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect