PT-2005-1504 · Cubecart · Cubecart

John Cobb · Published 2005-02-15 · Updated 2017-07-11 · CVE-2005-0443

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

CubeCart version 2.0.4

Description

The issue allows remote attackers to either obtain the full path for the web server or conduct cross-site scripting (XSS) attacks. This is achieved via an invalid language parameter in index.php, which echoes the parameter in a PHP error message, potentially leading to XSS attacks or information disclosure.

Recommendations

For CubeCart version 2.0.4, consider validating and sanitizing the language parameter to prevent echoing of invalid input, and restrict access to error messages that could disclose sensitive information. As a temporary workaround, consider disabling the language parameter functionality in index.php until a patch is available.
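
One way to implement the recommendation above, given as an added example and not CubeCart's own code or an official patch: the language parameter is matched against the language packs installed on disk, and PHP errors are logged instead of displayed. The directory layout, the file name and the constant names are assumptions, and the code targets PHP 8.

```php
<?php
declare(strict_types=1);

// Added illustration, not CubeCart source: LANGUAGE_DIR, DEFAULT_LANGUAGE and
// the one-directory-per-language layout are assumptions.
const LANGUAGE_DIR = __DIR__ . '/language';
const DEFAULT_LANGUAGE = 'en';

// Keep PHP warnings (which contain absolute paths and can reflect input)
// out of HTTP responses; send them to the server log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/** Build the allow-list from the language packs actually present on disk. */
function installed_languages(string $dir): array
{
    $langs = [];
    foreach (glob($dir . '/*', GLOB_ONLYDIR) ?: [] as $path) {
        $name = basename($path);
        // Accept only short codes such as "en" or "pt_BR".
        if (preg_match('/\A[a-z]{2}(?:_[A-Z]{2})?\z/', $name) === 1) {
            $langs[] = $name;
        }
    }
    return $langs;
}

/** Return a language code that is safe to use in a file path. */
function resolve_language(mixed $requested, array $allowed, string $default): string
{
    // Arrays (?language[]=x) and other non-strings are rejected outright.
    if (!is_string($requested)) {
        return $default;
    }
    // Strict comparison against known values; the raw input is never
    // concatenated into a path or written to the response.
    return in_array($requested, $allowed, true) ? $requested : $default;
}

$language = resolve_language(
    $_GET['language'] ?? null,
    installed_languages(LANGUAGE_DIR),
    DEFAULT_LANGUAGE
);

$file = LANGUAGE_DIR . '/' . $language . '/lang.inc.php'; // hypothetical file name
if (is_file($file)) {
    require $file;
}
```

An unknown or malformed value falls back to the default language silently, so nothing derived from the request reaches an include path or an error message.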


Related identifiers

CVE-2005-0443

Affected products

Cubecart