Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Just Williams | Amazon Webstore | 04050100 |
References
- http://lostmon.blogspot.com/2005/04/amazon-webstore-script-injection-and.htmlExploit
- http://secunia.com/advisories/15155ExploitVendor Advisory
- http://securitytracker.com/id?1013836Exploit
- http://www.osvdb.org/15892
- http://www.osvdb.org/15893
- http://www.osvdb.org/15894ExploitVendor Advisory
- http://www.securityfocus.com/bid/13419
- http://www.securityfocus.com/bid/13425
- http://www.securityfocus.com/bid/13426
- http://www.securityfocus.com/bid/13427Exploit
- http://lostmon.blogspot.com/2005/04/amazon-webstore-script-injection-and.htmlExploit
- http://secunia.com/advisories/15155ExploitVendor Advisory
- http://securitytracker.com/id?1013836Exploit
- http://www.osvdb.org/15892
- http://www.osvdb.org/15893
FAQ
What is CVE-2005-1403?
CVE-2005-1403 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, ...
How severe is CVE-2005-1403?
CVE-2005-1403 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1403?
Check the references section above for vendor advisories and patch information. Affected products include: Just Williams Amazon Webstore.