Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1188

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-1188
Last Modified 05 Sep 2008 04:48:28
Published 02 May 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-1188

Summary

Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in Comersus 3.90 to 4.51 allows remote attackers to inject arbitrary web script or HTML via the curPage parameter.

Vulnerable Systems

Application

  • Comersus Open Technologies Comersus Cart 3.90

  • Comersus Open Technologies Comersus Cart 4.00

  • Comersus Open Technologies Comersus Cart 4.051

  • Comersus Open Technologies Comersus Cart 4.14

  • Comersus Open Technologies Comersus Cart 4.20b

  • Comersus Open Technologies Comersus Cart 4.23

  • Comersus Open Technologies Comersus Cart 4.27

  • Comersus Open Technologies Comersus Cart 4.28

  • Comersus Open Technologies Comersus Cart 4.29

  • Comersus Open Technologies Comersus Cart 4.36

  • Comersus Open Technologies Comersus Cart 4.47


References

BID - 13125

XF - comersus-comersussearchitem-xss(20147)

OSVDB - 15539

SECTRACK - 1013747

MISC - http://lostmon.blogspot.com/2005/04/comersus-asp-shopping-cart-variable.html


Last Updated: 27 May 2016 10:40:04