CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-3152

Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.064

EPSS Ranking 90.6%

CVSS Severity

CVSS v2 Score 4.3

References

http://bugs.cubecart.com/?do=details&id=363
http://bugs.cubecart.com/?do=details&id=459
http://lostmon.blogspot.com/2005/09/cubecart-303-multiple-variable-cross.html
http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html
http://securityreason.com/securityalert/35
http://securitytracker.com/id?1014984
http://www.securityfocus.com/bid/14962
https://exchange.xforce.ibmcloud.com/vulnerabilities/24177
http://bugs.cubecart.com/?do=details&id=363
http://bugs.cubecart.com/?do=details&id=459
http://lostmon.blogspot.com/2005/09/cubecart-303-multiple-variable-cross.html
http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html
http://securityreason.com/securityalert/35
http://securitytracker.com/id?1014984
http://www.securityfocus.com/bid/14962
https://exchange.xforce.ibmcloud.com/vulnerabilities/24177

Products affected by CVE-2005-3152

Devellion » Cubecart » Version: 3.0.3

cpe:2.3:a:devellion:cubecart:3.0.3
Devellion » Cubecart » Version: 3.0.7-pl1

cpe:2.3:a:devellion:cubecart:3.0.7-pl1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-3152

Products

Pricing

Contact Us