CVE-2005-4283

Name of the Vulnerable Software and Affected Versions The CITY Shop versions 1.3 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via parameters to the search module, possibly the SKey parameter to the "store.cgi" endpoint.

Recommendations For versions 1.3 and earlier, consider restricting access to the search module until a fix is available. As a temporary workaround, avoid using the SKey parameter in the affected search module to minimize the risk of exploitation.