CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-1292

Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6) error.asp, or (7) sku or (8) name parameter to searchResults.asp.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.9%

CVSS Severity

CVSS v2 Score 4.3

References

http://marc.info/?l=bugtraq&m=111428393022389&w=2
http://secunia.com/advisories/15055
http://securitytracker.com/id?1013792
http://www.osvdb.org/15775
http://www.osvdb.org/15776
http://www.osvdb.org/15777
http://www.osvdb.org/15778
http://www.osvdb.org/15780
https://exchange.xforce.ibmcloud.com/vulnerabilities/20249
http://marc.info/?l=bugtraq&m=111428393022389&w=2
http://secunia.com/advisories/15055
http://securitytracker.com/id?1013792
http://www.osvdb.org/15775
http://www.osvdb.org/15776
http://www.osvdb.org/15777
http://www.osvdb.org/15778
http://www.osvdb.org/15780
https://exchange.xforce.ibmcloud.com/vulnerabilities/20249

Products affected by CVE-2005-1292

Elemental Software » Cartwiz » Version: Any

cpe:2.3:a:elemental_software:cartwiz:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-1292

Products

Pricing

Contact Us