Vulnerabilities > CVE-2004-2109 - Cross-Site Scripting vulnerability in QuadComm Q-Shop

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

quadcomm

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.asp or (2) recommend.asp in Q-Shop allow remote attackers to execute arbitrary script and steal the user session ID via Javascript in a URL.

Vulnerable Configurations

Part	Description	Count
Application	Quadcomm Quadcomm Q Shop 2.0 Quadcomm Q Shop 2.1 Quadcomm Q Shop 2.5 Quadcomm Q Shop 2.5_Beta	4

References

http://marc.info/?l=bugtraq&m=107488132208229&w=2
http://secunia.com/advisories/10704
http://www.osvdb.org/3696
http://www.osvdb.org/3697
http://www.securityfocus.com/bid/9480
https://exchange.xforce.ibmcloud.com/vulnerabilities/14923