Description
Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie.
Exploits (4)
exploitdb
WORKING POC
VERIFIED
by Lostmon · text · webapps · php
https://www.exploit-db.com/exploits/25564
exploitdb
WORKING POC
VERIFIED
by Lostmon · text · webapps · php
https://www.exploit-db.com/exploits/25560
References (10)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13419
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13425
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13426
Exploit, Vendor Advisory vdb-entry
x_refsource_osvdb
http://www.osvdb.org/15894
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13427
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/15893
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/15892
Exploit x_refsource_misc
http://lostmon.blogspot.com/2005/04/amazon-webstore-script-injection-and.html
Exploit, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/15155
Exploit vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1013836
Scores
EPSS
0.0192
EPSS Percentile
83.4%
Details
Status
published
Published
May 03, 2005
Tracked Since
Feb 18, 2026