CVE-2005-4290

Name of the Vulnerable Software and Affected Versions ECW-Cart versions 2.03 and earlier

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the kword, max, min, comp, and f parameters in the index.cgi file.

Recommendations For versions 2.03 and earlier, update to a version later than 2.03 to resolve the issue. As a temporary workaround, consider restricting access to the index.cgi file and validating user input for the kword, max, min, comp, and f parameters to prevent arbitrary script injection.