CVE-2004-2411
Published: Aug 18, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not sufficiently cleanse inputs, which allows remote attackers to conduct cross-site scripting (XSS) attacks that do not use <script> tags, as demonstrated via javascript in IMG tags to (1) the cat parameter in shopdisplayproducts.asp or (2) the msg parameter in shoperror.asp, and possibly other vectors.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| 11846 | third-party-advisory | x_refsource_SECUNIA |
| 6949 | vdb-entry | x_refsource_OSVDB |
| 10530 | vdb-entry | x_refsource_BID |
| 10534 | vdb-entry | x_refsource_BID |
| http://www.vpasp.com/virtprog/info/faq_securityfixes.htm | | x_refsource_CONFIRM |
| vpasp-shoperror-xss(16411) | vdb-entry | x_refsource_XF |
| 20040613 VP-ASP Shopping Cart Multiple Vulnerabilities | mailing-list | x_refsource_FULLDISC |