Vulnerability Details : CVE-2005-1440
Potential exploit
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and forum_thread.php, (3) the page parameter to page.php, (4) category_id and item_id parameters to reviews.php, (5) the category_id parameter to product_details.php, (6) the category_id or search_string parameters to products.php, or (7) the rp or page parameters to news_view.php.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2005-1440
- cpe:2.3:a:codetosell:viart_shop_enterprise:2.1.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-1440
2.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-1440
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
References for CVE-2005-1440
-
http://www.osvdb.org/15955
-
http://www.securityfocus.com/bid/13462
Exploit
-
http://www.osvdb.org/15957
-
http://www.osvdb.org/15954
-
http://www.osvdb.org/15958
-
http://www.osvdb.org/15956
-
http://www.osvdb.org/15953
-
http://lostmon.blogspot.com/2005/04/viart-shop-enterprise-multiple.html
Exploit
-
http://securitytracker.com/id?1013853
Exploit
-
http://www.osvdb.org/15952
-
http://secunia.com/advisories/15181
-
http://www.osvdb.org/15951
Exploit;Vendor Advisory
Jump to