CVE-2001-1212

Aktivate 1.03 - Cross-Site Scripting via desc Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1212. PoCs published by Tamer Sahin.

AI-analyzed exploit summary This is a writeup describing a cross-site scripting (XSS) vulnerability in Aktivate shopping cart system version 1.03. The vulnerability allows arbitrary script execution in the context of the affected site via a crafted URL.

Description

Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Tamer Sahin · textwebappscgi

https://www.exploit-db.com/exploits/21187

View Code ZIP pw:eip

This is a writeup describing a cross-site scripting (XSS) vulnerability in Aktivate shopping cart system version 1.03. The vulnerability allows arbitrary script execution in the context of the affected site via a crafted URL.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Aktivate 1.03

No auth needed

Prerequisites: A vulnerable version of Aktivate · User interaction to click a malicious link

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/7717.php

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/3714

Vendor Advisory mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/246274

Scores

EPSS 0.0762

EPSS Percentile 93.8%

Details

Status published

Products (1)

aktivate/aktivate 1.03

Published Dec 18, 2001

Tracked Since Feb 18, 2026