CVE-2005-1823
Published 2005-06-01
Priority P421, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 3.65% (88.2th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qualiteam | x-cart | — | — |
GHSA
GHSA-w5rm-2969-2w83: Cross-site scripting (XSS) vulnerability in customer/home
ghsa_unreviewed·2022-05-02·CVSS 4.3
CVE-2009-3592 [MEDIUM] CWE-79 GHSA-w5rm-2969-2w83: Cross-site scripting (XSS) vulnerability in customer/home
Cross-site scripting (XSS) vulnerability in customer/home.php in Qualiteam X-Cart allows remote attackers to inject arbitrary web script or HTML via the email parameter in a subscribed action, a different vector than CVE-2005-1823.
GHSA
GHSA-52fq-r6j7-w73r: Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4
ghsa_unreviewed·2022-05-01
CVE-2005-1823 [MEDIUM] GHSA-52fq-r6j7-w73r: Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4
No detection rules found.
Exploit-DB
Qualiteam X-Cart 4.0.8 - 'help.php?section' Cross-Site Scripting
exploitdb·2005-05-30
---
source: https://www.securityfocus.com/bid/13817/info
X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. An attacker may also steal cookie-based authentication credentials and carry out other attacks.
X-Cart 4.0.8 is reportedly vulnerable. Other v
Exploit-DB
Qualiteam X-Cart 4.0.8 - 'giftcert.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2005-05-30
Exploit-DB
Qualiteam X-Cart 4.0.8 - 'register.php?mode' Cross-Site Scripting
exploitdb·2005-05-30
Exploit-DB
Qualiteam X-Cart 4.0.8 - 'search.php?mode' Cross-Site Scripting
exploitdb·2005-05-30
Exploit-DB
Qualiteam X-Cart 4.0.8 - 'orders.php?mode' Cross-Site Scripting
exploitdb·2005-05-30
Exploit-DB
Qualiteam X-Cart 4.0.8 - 'product.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2005-05-30
Exploit-DB
Qualiteam X-Cart 4.0.8 - 'error_message.php?id' Cross-Site Scripting
exploitdb·2005-05-30
Exploit-DB
Qualiteam X-Cart 4.0.8 - 'home.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2005-05-30
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=111748583101076&w=2
http://secunia.com/advisories/15555
http://securitytracker.com/id?1014077
http://www.securityfocus.com/bid/13817
https://exchange.xforce.ibmcloud.com/vulnerabilities/20774