CVE-2005-1823

Name of the Vulnerable Software and Affected Versions X-Cart version 4.0.8

Description The issue allows remote attackers to inject arbitrary web script or HTML via various parameters in different PHP files. This can be achieved through the cat or printable parameter to "home.php", productid or mode parameter to "product.php", id parameter to "error message.php", section parameter to "help.php", mode parameter to "orders.php", mode parameter to "register.php", mode parameter to "search.php", or the gcid or gcindex parameter to "giftcert.php".

Recommendations For X-Cart version 4.0.8, update to a version that includes a fix for this issue to prevent arbitrary web script or HTML injection. As a temporary workaround, consider restricting access to the affected PHP files until a patch is available. Avoid using the parameters cat, printable, productid, mode, id, section, gcid, and gcindex in the respective API endpoints until the issue is resolved.