PT-2005-4971 · City · City Shop

Published

2005-12-16

Updated

2011-03-08

CVE-2005-4283

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions The CITY Shop versions 1.3 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via parameters to the search module, possibly the SKey parameter to the "store.cgi" endpoint.

Recommendations For versions 1.3 and earlier, consider restricting access to the search module until a fix is available. As a temporary workaround, avoid using the SKey parameter in the affected search module to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-4283

Affected Products

City Shop

PT-2005-4971 · City · City Shop

CVE-2005-4283

Related Identifiers

Affected Products

References · 6