CVE-2005-1823

EPSS 3.6%

Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php.

Affected products

n/a · n/a

public PoCs found — 8

exploitdbwww.exploit-db.com/exploits/25761unverified exploitdbwww.exploit-db.com/exploits/25766unverified exploitdbwww.exploit-db.com/exploits/25762unverified exploitdbwww.exploit-db.com/exploits/25759unverified exploitdbwww.exploit-db.com/exploits/25763unverified exploitdbwww.exploit-db.com/exploits/25760unverified exploitdbwww.exploit-db.com/exploits/25764unverified exploitdbwww.exploit-db.com/exploits/25765unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://marc.info/?l=bugtraq&m=111748583101076&w=2 http://secunia.com/advisories/15555 http://securitytracker.com/id?1014077 https://exchange.xforce.ibmcloud.com/vulnerabilities/20774 http://www.securityfocus.com/bid/13817