Vulnerabilities > CVE-2004-2109 - Unspecified vulnerability in Quadcomm Q-Shop

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

quadcomm

NVD

Published: 2004-12-31

Updated: 2024-11-20

Summary

Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.asp or (2) recommend.asp in Q-Shop allow remote attackers to execute arbitrary script and steal the user session ID via Javascript in a URL.

Vulnerable Configurations

Part	Description	Count
Application	Quadcomm Quadcomm Q Shop 2.1 Quadcomm Q Shop 2.0 Quadcomm Q Shop 2.5 Quadcomm Q Shop 2.5_Beta	4

References

http://marc.info/?l=bugtraq&m=107488132208229&w=2
http://marc.info/?l=bugtraq&m=107488132208229&w=2
http://secunia.com/advisories/10704
http://secunia.com/advisories/10704
http://www.osvdb.org/3696
http://www.osvdb.org/3696
http://www.osvdb.org/3697
http://www.osvdb.org/3697
http://www.securityfocus.com/bid/9480
http://www.securityfocus.com/bid/9480
https://exchange.xforce.ibmcloud.com/vulnerabilities/14923
https://exchange.xforce.ibmcloud.com/vulnerabilities/14923