CVE-2005-0995
Published 2005-05-02
CVE-2005-0995: Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword…
Priority: P4 · 16 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.43% (69.6th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter to advSearch_h.asp, (2) the redirectUrl parameter to NewCust.asp, (3) the country parameter to storelocator_submit.asp, or (4) the error parameter to techErr.asp. NOTE: it has been reported that storelocator_submit.asp does not exist in ProductCart.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| early_impact | productcart | — | — |
| productcart | productcart | — | — |
| productcart | productcart | — | — |
GHSA
GHSA-mr2f-cw7q-5j4f: Cross-site scripting (XSS) vulnerability in AffiliateLogin
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2010-3421 [MEDIUM] CWE-79 GHSA-mr2f-cw7q-5j4f: Cross-site scripting (XSS) vulnerability in AffiliateLogin
Cross-site scripting (XSS) vulnerability in AffiliateLogin.asp in ProductCart 3, 4.1 SP1, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter, a different vector than CVE-2004-2174 and CVE-2005-0995. NOTE: some of these details are obtained from third party information.
GHSA
GHSA-vmvp-ww26-87gp: Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2
ghsa_unreviewed·2022-05-01
CVE-2005-0995 [MEDIUM] GHSA-vmvp-ww26-87gp: Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2
Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter to advSearch_h.asp, (2) the redirectUrl parameter to NewCust.asp, (3) the country parameter to storelocator_submit.asp, or (4) the error parameter to techErr.asp. NOTE: it has been reported that storelocator_submit.asp does not exist in ProductCart.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://digitalparadox.org/advisories/prodcart.txt
http://secunia.com/advisories/14833
http://www.osvdb.org/15264
http://www.osvdb.org/15266
http://www.osvdb.org/15267
http://www.osvdb.org/15268
http://www.securityfocus.com/bid/12990
Published: 2005-05-02