CVE-2005-0995

Name of the Vulnerable Software and Affected Versions ProductCart version 2.7

Description The issue allows remote attackers to inject arbitrary web script or HTML via several parameters, including the keyword parameter to "advSearch h.asp", the redirectUrl parameter to "NewCust.asp", the country parameter to "storelocator submit.asp", and the error parameter to "techErr.asp". Note that "storelocator submit.asp" has been reported as non-existent in ProductCart.

Recommendations For ProductCart version 2.7, consider disabling the affected parameters, such as keyword, redirectUrl, country, and error, in their respective API endpoints until a patch is available. Restrict access to the affected API endpoints, "advSearch h.asp", "NewCust.asp", and "techErr.asp", to minimize the risk of exploitation.