6.8

CVE-2005-1440

Exploit

EPSS 2.74%
Veröffentlicht 03.05.2005 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and forum_thread.php, (3) the page parameter to page.php, (4) category_id and item_id parameters to reviews.php, (5) the category_id parameter to product_details.php, (6) the category_id or search_string parameters to products.php, or (7) the rp or page parameters to news_view.php.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Codetosell ≫ Viart Shop Enterprise Version2.1.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.74%	0.855

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://lostmon.blogspot.com/2005/04/viart-shop-enterprise-multiple.html

Exploit

http://secunia.com/advisories/15181

http://securitytracker.com/id?1013853

Exploit

http://www.osvdb.org/15951

Vendor Advisory

Exploit

http://www.osvdb.org/15952

http://www.osvdb.org/15953

http://www.osvdb.org/15954

http://www.osvdb.org/15955

http://www.osvdb.org/15956

http://www.osvdb.org/15957

http://www.osvdb.org/15958

http://www.securityfocus.com/bid/13462

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2005-1440

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-1440

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-1440

EUVD