PT-2004-3303 · Vp Asp · Vp-Asp Shopping Cart

Published: 2004-12-31 · Updated: 2017-07-11 · CVE-2004-2411

CVSS v2.0: 4.3 (Medium) · Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: VP-ASP Shopping Cart versions 4.0 through 5.0
Description: The CleanseMessage function in shop$db.asp does not properly cleanse input. This allows remote attackers to conduct cross-site scripting (XSS) attacks through the cat parameter in "shopdisplayproducts.asp" or the msg parameter in "shoperror.asp", and possibly other vectors.
Recommendations: For VP-ASP Shopping Cart versions 4.0 through 5.0, consider disabling the CleanseMessage function in shop$db.asp until a proper fix is available, and restrict access to the affected parameters (cat in "shopdisplayproducts.asp" and msg in "shoperror.asp") to minimize the risk of exploitation.

Related identifiers: CVE-2004-2411

Affected products: Vp-Asp Shopping Cart