Vulnerabilities > CVE-2005-1440 - Cross-Site Scripting and HTML Injection vulnerability in Codetosell Viart Shop Enterprise 2.1.6
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and forum_thread.php, (3) the page parameter to page.php, (4) category_id and item_id parameters to reviews.php, (5) the category_id parameter to product_details.php, (6) the category_id or search_string parameters to products.php, or (7) the rp or page parameters to news_view.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description CodetoSell ViArt Shop Enterprise 2.1.6 products.php Multiple Parameter XSS. CVE-2005-1440 . Webapps exploit for php platform id EDB-ID:25579 last seen 2016-02-03 modified 2005-05-02 published 2005-05-02 reporter Lostmon source https://www.exploit-db.com/download/25579/ title CodetoSell ViArt Shop Enterprise 2.1.6 products.php Multiple Parameter XSS description CodetoSell ViArt Shop Enterprise 2.1.6 basket.php Multiple Parameter XSS. CVE-2005-1440. Webapps exploit for php platform id EDB-ID:25575 last seen 2016-02-03 modified 2005-05-02 published 2005-05-02 reporter Lostmon source https://www.exploit-db.com/download/25575/ title CodetoSell ViArt Shop Enterprise 2.1.6 basket.php Multiple Parameter XSS description CodetoSell ViArt Shop Enterprise 2.1.6 news_view.php Multiple Parameter XSS. CVE-2005-1440. Webapps exploit for php platform id EDB-ID:25580 last seen 2016-02-03 modified 2005-05-02 published 2005-05-02 reporter Lostmon source https://www.exploit-db.com/download/25580/ title CodetoSell ViArt Shop Enterprise 2.1.6 news_view.php Multiple Parameter XSS description CodetoSell ViArt Shop Enterprise 2.1.6 reviews.php Multiple Parameter XSS. CVE-2005-1440. Webapps exploit for php platform id EDB-ID:25577 last seen 2016-02-03 modified 2005-05-02 published 2005-05-02 reporter Lostmon source https://www.exploit-db.com/download/25577/ title CodetoSell ViArt Shop Enterprise 2.1.6 reviews.php Multiple Parameter XSS description CodetoSell ViArt Shop Enterprise 2.1.6 page.php page Parameter XSS. CVE-2005-1440 . Webapps exploit for php platform id EDB-ID:25576 last seen 2016-02-03 modified 2005-05-02 published 2005-05-02 reporter Lostmon source https://www.exploit-db.com/download/25576/ title CodetoSell ViArt Shop Enterprise 2.1.6 page.php page Parameter XSS
References
- http://lostmon.blogspot.com/2005/04/viart-shop-enterprise-multiple.html
- http://secunia.com/advisories/15181
- http://securitytracker.com/id?1013853
- http://www.osvdb.org/15951
- http://www.osvdb.org/15952
- http://www.osvdb.org/15953
- http://www.osvdb.org/15954
- http://www.osvdb.org/15955
- http://www.osvdb.org/15956
- http://www.osvdb.org/15957
- http://www.osvdb.org/15958
- http://www.securityfocus.com/bid/13462