Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter to advSearch_h.asp, (2) the redirectUrl parameter to NewCust.asp, (3) the country parameter to storelocator_submit.asp, or (4) the error parameter to techErr.asp. NOTE: it has been reported that storelocator_submit.asp does not exist in ProductCart.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published: 2005-04-07T04:00:00
Updated: 2024-08-07T21:35:59.408Z
Reserved: 2005-04-07T00:00:00
Link: CVE-2005-0995

No data.

Status : Modified
Published: 2005-05-02T04:00:00.000
Modified: 2024-11-20T23:56:21.547
Link: CVE-2005-0995

No data.