CVE-2005-0898

Name of the Vulnerable Software and Affected Versions E-Store Kit-2 PayPal Edition (affected versions not specified)

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the txn id parameter in the downloadform.php file.

Recommendations For E-Store Kit-2 PayPal Edition, consider restricting access to the downloadform.php file until a patch is available. As a temporary workaround, avoid using the txn id parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.