Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4530

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2005-4530
Last Modified 07 Mar 2011 09:28:26
Published 27 Dec 2005 08:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-4530

Summary

Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) subscriptions.htm, (5) send.htm, (6) request.htm, (7) forgot.htm, (8) escrow.htm, (9) donations.htm, and (10) products.htm.

Vulnerable Systems

Application

  • Alstrasoft Epay 3.0


References

VUPEN - ADV-2005-3074

SECUNIA - 18153

XF - alstrasoftepay-multiple-parameters-xss(23852)

BID - 16055

OSVDB - 21892

OSVDB - 21891

OSVDB - 21890

OSVDB - 21889

OSVDB - 21888

OSVDB - 21887

OSVDB - 21886

OSVDB - 21885

OSVDB - 21884

OSVDB - 21883

MISC - http://pridels0.blogspot.com/2005/12/alstrasoft-epay-enterprise-v30-xss.html


Last Updated: 27 May 2016 10:41:20