CVE-2003-0523

ProductCart - Cross-Site Scripting via Message Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0523. PoCs published by atomix.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in ProductCart due to insufficient sanitization of user-supplied input in the 'message' parameter. The PoC includes URLs that inject JavaScript to steal cookies and an iframe to potentially trigger local file access.

Description

Cross-site scripting (XSS) vulnerability in msg.asp for certain versions of ProductCart allow remote attackers to execute arbitrary web script via the message parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by atomix · textwebappsasp
https://www.exploit-db.com/exploits/22866

This exploit demonstrates a cross-site scripting (XSS) vulnerability in ProductCart due to insufficient sanitization of user-supplied input in the 'message' parameter. The PoC includes URLs that inject JavaScript to steal cookies and an iframe to potentially trigger local file access.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: ProductCart (version not specified)
No auth needed
Prerequisites: Access to the vulnerable ProductCart instance
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105761696706800&w=2

Scores

EPSS 0.0330
EPSS Percentile 87.1%

Details

Status published
Products (16)
early_impact/productcart 1.5
early_impact/productcart 1.6b
early_impact/productcart 1.6b001
early_impact/productcart 1.6b002
early_impact/productcart 1.6b003
early_impact/productcart 1.6br
early_impact/productcart 1.6br001
early_impact/productcart 1.6br003
early_impact/productcart 1.5002
early_impact/productcart 1.5003
... and 6 more
Published Aug 18, 2003
Tracked Since Feb 18, 2026