CVE-2004-0675

Cart32 < - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dr.Ponidi Haryanto · textwebappscgi

https://www.exploit-db.com/exploits/24236

View Code ZIP pw:eip

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/16535

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/10617

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=108887778628398&w=2

Various Sources x_refsource_misc

http://drponidi.5u.com/advisory.htm

Scores

EPSS 0.0408

EPSS Percentile 88.7%

Details

Status published

Products (10)

mcmurtrey_whitaker_and_associates/cart32 2.5a

mcmurtrey_whitaker_and_associates/cart32 2.6

mcmurtrey_whitaker_and_associates/cart32 3.0

mcmurtrey_whitaker_and_associates/cart32 3.1

mcmurtrey_whitaker_and_associates/cart32 3.5

mcmurtrey_whitaker_and_associates/cart32 3.5_build619

mcmurtrey_whitaker_and_associates/cart32 3.5a

mcmurtrey_whitaker_and_associates/cart32 3.5a_build710

mcmurtrey_whitaker_and_associates/cart32 4.4

mcmurtrey_whitaker_and_associates/cart32 5.0

Published Aug 06, 2004

Tracked Since Feb 18, 2026