Vulnerabilities > CVE-2005-4292 - Cross-Site Scripting vulnerability in CommerceSQL Search Module

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

internet-express-products

NVD

Published: 2005-12-16

Updated: 2011-03-08

Summary

Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keywords parameter in the Quick Find feature.

Vulnerable Configurations

Part	Description	Count
Application	Internet_Express_Products Internet Express Products Commercesql *	1

References

http://pridels0.blogspot.com/2005/12/commercesql-xss-vuln.html
http://secunia.com/advisories/17932
http://www.osvdb.org/21717
http://www.securityfocus.com/bid/15888
http://www.vupen.com/english/advisories/2005/2920