CVE-2005-1968

Name of the Vulnerable Software and Affected Versions ProductCart Ecommerce versions prior to 2.7

Description The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This is achieved by injecting malicious input via the error parameter to the "techErr.asp" API endpoint.

Recommendations For versions prior to 2.7, update to version 2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the "techErr.asp" endpoint or validating and sanitizing the error parameter to prevent malicious input.