4.3
CVE-2004-2411
- EPSS 2.19%
- Veröffentlicht 31.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:09:36
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not sufficiently cleanse inputs, which allows remote attackers to conduct cross-site scripting (XSS) attacks that do not use <script> tags, as demonstrated via javascript in IMG tags to (1) the cat parameter in shopdisplayproducts.asp or (2) the msg parameter in shoperror.asp, and possibly other vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Virtual Programming ≫ Vp-asp Version4.0
Virtual Programming ≫ Vp-asp Version4.50
Virtual Programming ≫ Vp-asp Version5.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.19% | 0.801 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://www.vpasp.com/virtprog/info/faq_securityfixes.htm
http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0363.html
http://secunia.com/advisories/11846
http://www.osvdb.org/6949
http://www.providesecurity.com/research/advisories/06142004-01.asp
http://www.securityfocus.com/bid/10530
http://www.securityfocus.com/bid/10534
https://exchange.xforce.ibmcloud.com/vulnerabilities/16411