CVE-2005-1486
published 2005-05-11CVE-2005-1486: Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2)…
PriorityP419medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
3.64%
88.1th percentile
Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the vendor was not able to reproduce some of the reported vectors but believes that they have been addressed. The original researcher is known to be unreliable.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fishnet | fishcart | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
FishCart 3.1 - 'display.php?nlst' Cross-Site Scripting
exploitdb·2005-05-04
CVE-2005-1486 FishCart 3.1 - 'display.php?nlst' Cross-Site Scripting
FishCart 3.1 - 'display.php?nlst' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/13499/info
FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input.
A successful exploit of the SQL-injection issues could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/demo31/display.php?cartid=200505024231092&zid=1&lid=1&nlst='">alert(document
Exploit-DB
FishCart 3.1 - 'upstracking.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2005-05-04
CVE-2005-1486 FishCart 3.1 - 'upstracking.php' Multiple Cross-Site Scripting Vulnerabilities
FishCart 3.1 - 'upstracking.php' Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/13499/info
FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input.
A successful exploit of the SQL-injection issues could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/demo31/upstracking.php?trackingnum='">alert(document
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=111530799109755&w=2http://secunia.com/advisories/15232/http://www.digitalparadox.org/advisories/fishc.txthttp://www.fishcart.org/archives/200505/msg00028.htmlhttp://www.osvdb.org/16280http://www.osvdb.org/16281http://www.securityfocus.com/archive/1/457754/100/200/threadedhttp://www.securityfocus.com/bid/13499https://exchange.xforce.ibmcloud.com/vulnerabilities/20384http://marc.info/?l=bugtraq&m=111530799109755&w=2http://secunia.com/advisories/15232/http://www.digitalparadox.org/advisories/fishc.txthttp://www.fishcart.org/archives/200505/msg00028.htmlhttp://www.osvdb.org/16280http://www.osvdb.org/16281http://www.securityfocus.com/archive/1/457754/100/200/threadedhttp://www.securityfocus.com/bid/13499https://exchange.xforce.ibmcloud.com/vulnerabilities/20384
2005-05-11
Published