Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0675

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2004-0675
Last Modified 05 Sep 2008 04:39:04
Published 06 Aug 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-0675

Summary

Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command.

Vulnerable Systems

Application

  • Mcmurtrey Whitaker And Associates Cart32 2.5a

  • Mcmurtrey Whitaker And Associates Cart32 2.6

  • Mcmurtrey Whitaker And Associates Cart32 3.0

  • Mcmurtrey Whitaker And Associates Cart32 3.1

  • Mcmurtrey Whitaker And Associates Cart32 3.5

  • Mcmurtrey Whitaker And Associates Cart32 3.5 Build619

  • Mcmurtrey Whitaker And Associates Cart32 3.5a

  • Mcmurtrey Whitaker And Associates Cart32 3.5a Build710

  • Mcmurtrey Whitaker And Associates Cart32 4.4

  • Mcmurtrey Whitaker And Associates Cart32 5.0


References

XF - cart32-getlatestbuilds-xss(16535)

BID - 10617

BUGTRAQ - 20040703 Cart32 Input Validation Flaw in 'GetLatestBuilds?cart32=' Permits Remote Cross-Site Scripting Attacks


Last Updated: 27 May 2016 10:38:42