Description
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and forum_thread.php, (3) the page parameter to page.php, (4) category_id and item_id parameters to reviews.php, (5) the category_id parameter to product_details.php, (6) the category_id or search_string parameters to products.php, or (7) the rp or page parameters to news_view.php.
Exploits (6)
exploitdb
WORKING POC
VERIFIED
by Lostmon · text · webapps · php
https://www.exploit-db.com/exploits/25576
exploitdb
WORKING POC
VERIFIED
by Lostmon · text · webapps · php
https://www.exploit-db.com/exploits/25575
References (12)
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13462
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/15958
Exploit vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1013853
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/15955
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/15953
Exploit x_refsource_misc
http://lostmon.blogspot.com/2005/04/viart-shop-enterprise-multiple.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/15954
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/15181
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/15952
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/15957
Exploit, Vendor Advisory vdb-entry
x_refsource_osvdb
http://www.osvdb.org/15951
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/15956
Scores
EPSS
0.0274
EPSS Percentile
86.1%
Details
Status
published
Products (1)
codetosell/viart_shop_enterprise
2.1.6
Published
May 03, 2005
Tracked Since
Feb 18, 2026