CVE-2005-1403 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Just Williams	Amazon Webstore

Configuration 1 [-]

cpe:2.3:a:just_williams:amazon_webstore:04050100:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lostmon.blogspot.com/2005/04/amazon-webstore-script-injection-and.html
http://secunia.com/advisories/15155
http://securitytracker.com/id?1013836
http://www.osvdb.org/15892
http://www.osvdb.org/15893
http://www.osvdb.org/15894
http://www.securityfocus.com/bid/13419
http://www.securityfocus.com/bid/13425
http://www.securityfocus.com/bid/13426
http://www.securityfocus.com/bid/13427

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-05-03T04:00:00

Updated: 2024-08-07T21:51:50.294Z

Reserved: 2005-05-03T00:00:00

Link: CVE-2005-1403

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2005-05-03T04:00:00.000

Modified: 2008-09-05T20:49:03.467

Link: CVE-2005-1403

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-04-29T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-01-11T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "13419", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/13419"}, {"name": "13425", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/13425"}, {"name": "13426", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/13426"}, {"name": "15894", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/15894"}, {"name": "13427", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/13427"}, {"name": "15893", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/15893"}, {"name": "15892", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/15892"}, {"tags": ["x_refsource_MISC"], "url": "http://lostmon.blogspot.com/2005/04/amazon-webstore-script-injection-and.html"}, {"name": "15155", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/15155"}, {"name": "1013836", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1013836"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1403", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "13419", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13419"}, {"name": "13425", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13425"}, {"name": "13426", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13426"}, {"name": "15894", "refsource": "OSVDB", "url": "http://www.osvdb.org/15894"}, {"name": "13427", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13427"}, {"name": "15893", "refsource": "OSVDB", "url": "http://www.osvdb.org/15893"}, {"name": "15892", "refsource": "OSVDB", "url": "http://www.osvdb.org/15892"}, {"name": "http://lostmon.blogspot.com/2005/04/amazon-webstore-script-injection-and.html", "refsource": "MISC", "url": "http://lostmon.blogspot.com/2005/04/amazon-webstore-script-injection-and.html"}, {"name": "15155", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15155"}, {"name": "1013836", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013836"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T21:51:50.294Z"}, "title": "CVE Program Container", "references": [{"name": "13419", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/13419"}, {"name": "13425", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/13425"}, {"name": "13426", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/13426"}, {"name": "15894", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/15894"}, {"name": "13427", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/13427"}, {"name": "15893", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/15893"}, {"name": "15892", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/15892"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://lostmon.blogspot.com/2005/04/amazon-webstore-script-injection-and.html"}, {"name": "15155", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/15155"}, {"name": "1013836", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1013836"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1403", "datePublished": "2005-05-03T04:00:00", "dateReserved": "2005-05-03T00:00:00", "dateUpdated": "2024-08-07T21:51:50.294Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:just_williams:amazon_webstore:04050100:*:*:*:*:*:*:*", "matchCriteriaId": "1F25C4B5-21C9-4F40-A475-F3DCA125FA14", "vulnerable": false}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie."}], "id": "CVE-2005-1403", "lastModified": "2008-09-05T20:49:03.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-05-03T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://lostmon.blogspot.com/2005/04/amazon-webstore-script-injection-and.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://secunia.com/advisories/15155"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1013836"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/15892"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/15893"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.osvdb.org/15894"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/13419"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/13425"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/13426"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/13427"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}