Vulnerabilities > CVE-2005-0995 - Input Validation vulnerability in Early Impact Productcart 2.7
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter to advSearch_h.asp, (2) the redirectUrl parameter to NewCust.asp, (3) the country parameter to storelocator_submit.asp, or (4) the error parameter to techErr.asp. NOTE: it has been reported that storelocator_submit.asp does not exist in ProductCart.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | CGI abuses |
| NASL id | PRODUCTCART_MULTIPLE_INPUT_VULNS.NASL |
| description | The remote host is running a version of the ProductCart shopping cart software that suffers from several input validation vulnerabilities: - SQL Injection Vulnerabilities The |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 17971 |
| published | 2005-04-06 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/17971 |
| title | ProductCart Multiple Input Validation Vulnerabilities |