CVE-2004-0681

Name of the Vulnerable Software and Affected Versions Comersus Cart version 5.09

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in various ASP files of Comersus Cart. These vulnerabilities allow remote attackers to execute web scripts as other users. The message parameter is specifically vulnerable to such attacks.

Recommendations For Comersus Cart version 5.09, consider restricting access to the comersus customerAuthenticateForm.asp, comersus backoffice message.asp, comersus supportError.asp, and comersus message.asp files until a patch is available. Avoid using the message parameter in these files to minimize the risk of exploitation.