PT-2005-2572 · Codethat · Codethat Shoppingcart

Icaro +1 · Published 2005-05-16 · Updated 2008-09-05 · CVE-2005-1593

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

CodeThat ShoppingCart version 1.3.1

Description

A cross-site scripting (XSS) vulnerability in catalog.php allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Recommendations

For CodeThat ShoppingCart version 1.3.1, avoid using the id parameter in the catalog.php file until a fix is available. As a temporary workaround, consider validating and sanitizing user input for the id parameter to prevent malicious script injection.


Related Identifiers

CVE-2005-1593

Affected Products

Codethat Shoppingcart