Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3736

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-3736
Last Modified 05 Sep 2008 04:55:09
Published 21 Nov 2005 07:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3736

Summary

Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart allow remote attackers to inject arbitrary web script or HTML via the (1) strgifttoname parameter in shopgift.asp, (2) strfirstname parameter in shopmaillist.asp, (3) strpid parameter in shopprojectlogin.asp, and (4) Custname parameter in shoptellafriend.asp.

Vulnerable Systems

Application

  • Coastal Data Management E-quick Cart


References

SECTRACK - 1015244

OSVDB - 20996

OSVDB - 20995

OSVDB - 20994

OSVDB - 20993


Last Updated: 27 May 2016 10:41:02