Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) subscriptions.htm, (5) send.htm, (6) request.htm, (7) forgot.htm, (8) escrow.htm, (9) donations.htm, and (10) products.htm.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alstrasoft | Epay | 3.0 |
References
- http://pridels0.blogspot.com/2005/12/alstrasoft-epay-enterprise-v30-xss.html
- http://secunia.com/advisories/18153Vendor Advisory
- http://www.osvdb.org/21883
- http://www.osvdb.org/21884
- http://www.osvdb.org/21885
- http://www.osvdb.org/21886
- http://www.osvdb.org/21887
- http://www.osvdb.org/21888
- http://www.osvdb.org/21889
- http://www.osvdb.org/21890
- http://www.osvdb.org/21891
- http://www.osvdb.org/21892
- http://www.securityfocus.com/bid/16055
- http://www.vupen.com/english/advisories/2005/3074
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23852
FAQ
What is CVE-2005-4530?
CVE-2005-4530 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameter...
How severe is CVE-2005-4530?
CVE-2005-4530 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4530?
Check the references section above for vendor advisories and patch information. Affected products include: Alstrasoft Epay.