PT-2005-4980 · Unknown · Commercesql
Publicado
2005-12-16
·
Atualizado
2011-03-08
·
CVE-2005-4292
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
CommerceSQL versions 1.0 and earlier
Description
A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the
keywords parameter in the Quick Find feature.Recommendations
For CommerceSQL versions 1.0 and earlier, consider disabling the Quick Find feature or restricting access to the search module until a fix is available. Avoid using the
keywords parameter in the affected search functionality to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Commercesql