CVE-2004-0675
Cart32 - Cross-Site Scripting via cart32 Parameter in GetLatestBuilds Command
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2004-0675. PoCs published by Dr.Ponidi Haryanto.
AI-analyzed exploit summary
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Cart32 versions 5.0 and prior. The vulnerability arises from insufficient sanitization of user-supplied input, allowing an attacker to inject malicious script code via a crafted URL.
Description
Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Cart32 versions 5.0 and prior. The vulnerability arises from insufficient sanitization of user-supplied input, allowing an attacker to inject malicious script code via a crafted URL.