CVE-2005-1188

Comersus Cart 3.90-4.51 - Cross-Site Scripting via curPage Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1188. PoCs published by Lostmon.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Comersus Cart by injecting a script tag into the search parameter. The PoC uses a URL-encoded script to trigger an alert with the user's cookies.

Description

Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in Comersus 3.90 to 4.51 allows remote attackers to inject arbitrary web script or HTML via the curPage parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Lostmon · textwebappsasp
https://www.exploit-db.com/exploits/25390

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Comersus Cart by injecting a script tag into the search parameter. The PoC uses a URL-encoded script to trigger an alert with the user's cookies.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Comersus Cart (version not specified)
No auth needed
Prerequisites: Access to the target application's search functionality
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/15539
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1013747
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/20147
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13125

Scores

EPSS 0.0362
EPSS Percentile 88.0%

Details

Status published
Products (11)
comersus_open_technologies/comersus_cart 3.90
comersus_open_technologies/comersus_cart 4.00
comersus_open_technologies/comersus_cart 4.14
comersus_open_technologies/comersus_cart 4.20b
comersus_open_technologies/comersus_cart 4.23
comersus_open_technologies/comersus_cart 4.27
comersus_open_technologies/comersus_cart 4.28
comersus_open_technologies/comersus_cart 4.29
comersus_open_technologies/comersus_cart 4.36
comersus_open_technologies/comersus_cart 4.47
... and 1 more
Published May 02, 2005
Tracked Since Feb 18, 2026