Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1162

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2005-1162
Last Modified 05 Sep 2008 04:48:23
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-1162

Summary

Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp.

Vulnerable Systems

Application

  • Oneworldstore


References

BID - 13186

BID - 13185

BID - 13184

SECTRACK - 1013720

SECUNIA - 14969

XF - oneworldstore-xss(20096)

OSVDB - 15523

OSVDB - 15522

OSVDB - 15521

CONFIRM - http://www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab

BUGTRAQ - 20050414 Multiple multiple sql injection/errors and xss vulnerabilities in OneWorldStore


Last Updated: 27 May 2016 10:40:04