PT-2005-2436 · Viart · Viart Shop Enterprise

Lostmon · Published 2005-05-03 · Updated 2008-09-05 · CVE-2005-1440

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: ViArt Shop Enterprise version 2.1.6
Description: The issue allows remote attackers to inject arbitrary web script or HTML via various parameters, including those in basket.php, forum.php, page.php, reviews.php, product_details.php, products.php, and news_view.php. This can be achieved by manipulating parameters such as nickname, email, topic, message, page, category_id, item_id, search_string, rp, or page.
Recommendations: For ViArt Shop Enterprise version 2.1.6, consider disabling the vulnerable parameters to mitigate the risk of exploitation until a patch is available. Restrict access to the affected scripts, such as basket.php, forum.php, page.php, reviews.php, product_details.php, products.php, and news_view.php, to minimize the risk of exploitation. Avoid using the vulnerable parameters, such as nickname, email, topic, message, page, category_id, item_id, search_string, rp, or page, in the affected API endpoints until the issue is resolved.


Related Identifiers: CVE-2005-1440

Affected Products: Viart Shop Enterprise