Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter to advSearch_h.asp, (2) the redirectUrl parameter to NewCust.asp, (3) the country parameter to storelocator_submit.asp, or (4) the error parameter to techErr.asp. NOTE: it has been reported that storelocator_submit.asp does not exist in ProductCart.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2005-04-07T04:00:00
Updated: 2024-08-07T21:35:59.408Z
Reserved: 2005-04-07T00:00:00
Link: CVE-2005-0995
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2005-05-02T04:00:00.000
Modified: 2008-09-05T20:47:54.627
Link: CVE-2005-0995
Redhat
No data.