Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4293

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-4293
Last Modified 07 Mar 2011 09:27:58
Published 16 Dec 2005 06:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-4293

Summary

Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro (CCP) 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the affl parameter.

Vulnerable Systems

Application

  • Kryptronic Clickcartpro 1.0

  • Kryptronic Clickcartpro 2.0

  • Kryptronic Clickcartpro 3.0

  • Kryptronic Clickcartpro 3.1

  • Kryptronic Clickcartpro 3.2

  • Kryptronic Clickcartpro 3.3

  • Kryptronic Clickcartpro 3.4

  • Kryptronic Clickcartpro 3.5

  • Kryptronic Clickcartpro 3.6

  • Kryptronic Clickcartpro 4.0

  • Kryptronic Clickcartpro 5.0

  • Kryptronic Clickcartpro 5.1


References

VUPEN - ADV-2005-2914

BID - 15896

SECUNIA - 17927

OSVDB - 21716

MISC - http://www.clickcartpro.com/forum/index.php?showtopic=12172

VIM - 20060124 vendor ack/fix - OSVDB ID: 21716 (fwd)

MISC - http://pridels0.blogspot.com/2005/12/clickcartpro-ccp-xss-vuln.html


Last Updated: 27 May 2016 10:41:14