NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2005-1440

Summary	Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and forum_thread.php, (3) the page parameter to page.php, (4) category_id and item_id parameters to reviews.php, (5) the category_id parameter to product_details.php, (6) the category_id or search_string parameters to products.php, or (7) the rp or page parameters to news_view.php.
Publication Date	May 3, 2005, 1 p.m.
Registration Date	Jan. 29, 2021, 5:58 p.m.
Last Update	Sept. 6, 2008, 5:49 a.m.

CVSS2.0 : MEDIUM
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:codetosell:viart_shop_enterprise:2.1.6:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://lostmon.blogspot.com/2005/04/viart-shop-enterprise-multiple.html	MISC	Exploit
2	http://secunia.com/advisories/15181	SECUNIA
3	http://securitytracker.com/id?1013853	SECTRACK	Exploit
4	http://www.osvdb.org/15951	OSVDB	Exploit Vendor Advisory
5	http://www.osvdb.org/15952	OSVDB
6	http://www.osvdb.org/15953	OSVDB
7	http://www.osvdb.org/15954	OSVDB
8	http://www.osvdb.org/15955	OSVDB
9	http://www.osvdb.org/15956	OSVDB
10	http://www.osvdb.org/15957	OSVDB
11	http://www.osvdb.org/15958	OSVDB
12	http://www.securityfocus.com/bid/13462	BID	Exploit

Common Vulnerabilities List