Vulnerabilities > CVE-2004-2123 - Cross-Site Scripting vulnerability in E-Commerce Asp Engine
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE network
nextplace
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com E-Commerce ASP Engine allow remote attackers to inject arbitrary web script or HTML via the (1) level parameter of productdetail.asp, (2) searchKey parameter of searchresults.asp, and possibly (3) level parameter of ListCategories.asp.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |