CVE-2005-1486

Name of the Vulnerable Software and Affected Versions: FishCart version 3.1

Description: The issue concerns multiple cross-site scripting vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters to certain PHP files. The affected parameters include trackingnum, reqagree, m to upstracking.php, and nlst to display.php.

Recommendations: For FishCart version 3.1, consider restricting access to the upstracking.php and display.php files until a fix is available. As a temporary workaround, avoid using the trackingnum, reqagree, m, and nlst parameters in the affected API endpoints.