Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2005-1440
Last Modified: 05 Sep 2008 04:49:09
Published: 03 May 2005 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2005-1440

Summary

Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and forum_thread.php, (3) the page parameter to page.php, (4) category_id and item_id parameters to reviews.php, (5) the category_id parameter to product_details.php, (6) the category_id or search_string parameters to products.php, or (7) the rp or page parameters to news_view.php.

Vulnerable Systems

Application

  • Codetosell Viart Shop Enterprise 2.1.6


References

BID - 13462

OSVDB - 15958

OSVDB - 15957

OSVDB - 15956

OSVDB - 15955

OSVDB - 15954

OSVDB - 15953

OSVDB - 15952

OSVDB - 15951

SECTRACK - 1013853

SECUNIA - 15181

MISC - http://lostmon.blogspot.com/2005/04/viart-shop-enterprise-multiple.html


Last Updated: 27 May 2016 10:40:10