CVE-2005-1403

Amazon Webstore 04050100 - Cross-Site Scripting via Multiple Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2005-1403. PoCs published by Lostmon.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Amazon Webstore, where user-supplied input is not properly sanitized, allowing arbitrary script execution. The example URL demonstrates the vulnerability by injecting a script tag to display the user's cookies.

Description

Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie.

Exploits (4)

exploitdb WRITEUP VERIFIED
by Lostmon · textwebappsphp
https://www.exploit-db.com/exploits/25565

The provided text describes a cross-site scripting (XSS) vulnerability in Amazon Webstore, where user-supplied input is not properly sanitized, allowing arbitrary script execution. The example URL demonstrates the vulnerability by injecting a script tag to display the user's cookies.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Amazon Webstore version 04050100
No auth needed
Prerequisites: A vulnerable version of Amazon Webstore · User interaction to visit a crafted URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Lostmon · textwebappsphp
https://www.exploit-db.com/exploits/25566

The provided text describes a cross-site scripting (XSS) vulnerability in Amazon Webstore, where user-supplied input is not properly sanitized. The example URL demonstrates how arbitrary script code can be executed in a user's browser.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Amazon Webstore version 04050100
No auth needed
Prerequisites: Access to a vulnerable Amazon Webstore instance · Ability to craft a malicious URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Lostmon · textwebappsphp
https://www.exploit-db.com/exploits/25564

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Amazon Webstore by injecting arbitrary JavaScript code via the 'currentIsExpanded' parameter. The PoC uses a simple alert to display the document cookie, proving the vulnerability.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Amazon Webstore version 04050100
No auth needed
Prerequisites: A vulnerable version of Amazon Webstore · User interaction to visit the crafted URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Lostmon · textwebappsphp
https://www.exploit-db.com/exploits/25560

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Amazon Webstore by injecting arbitrary JavaScript code via the 'image' parameter in the URL. The PoC uses a simple alert to display the user's cookies, proving the vulnerability.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Amazon Webstore version 04050100
No auth needed
Prerequisites: Access to a vulnerable Amazon Webstore instance · User interaction to visit the crafted URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13419
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13425
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13426
Exploit, Vendor Advisory vdb-entry x_refsource_osvdb
http://www.osvdb.org/15894
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13427
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/15893
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/15892
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15155
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1013836

Scores

EPSS 0.0573
EPSS Percentile 92.1%

Details

Status published
Published May 03, 2005
Tracked Since Feb 18, 2026