CVE-2005-1440
ViArt Shop Enterprise 2.1.6 - Cross-Site Scripting via Multiple Parameters
Title source: llm
Exploitation Summary
EIP tracks 6 public exploits for CVE-2005-1440. PoCs published by Lostmon.
AI-analyzed exploit summary: The provided text describes multiple XSS vulnerabilities in ViArt Shop due to insufficient input sanitization. It includes example URLs demonstrating how attacker-supplied script code can be injected via query parameters.
Description
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and forum_thread.php, (3) the page parameter to page.php, (4) category_id and item_id parameters to reviews.php, (5) the category_id parameter to product_details.php, (6) the category_id or search_string parameters to products.php, or (7) the rp or page parameters to news_view.php.
Exploits (6)
The provided text describes multiple XSS vulnerabilities in ViArt Shop due to insufficient input sanitization. It includes example URLs demonstrating how attacker-supplied script code can be injected via query parameters.
The provided text describes a cross-site scripting (XSS) vulnerability in ViArt Shop, where user-supplied input is not properly sanitized, allowing for HTML and script code injection. The example URL demonstrates how an attacker could inject malicious code via the 'category_id' parameter.
The provided text describes XSS and HTML injection vulnerabilities in ViArt Shop due to improper input sanitization. It includes example URLs demonstrating how attacker-supplied code could be injected via the 'category_id' and 'search_string' parameters.
This exploit demonstrates XSS vulnerabilities in ViArt Shop by injecting malicious scripts and HTML forms via the 'page' parameter. The PoC shows how an attacker can steal cookies or create fake login forms to phish credentials.
The provided text describes multiple XSS vulnerabilities in ViArt Shop due to improper input sanitization. It includes example URLs demonstrating how attacker-supplied code could be injected via the 'rp' and 'page' parameters.
This exploit demonstrates multiple XSS vulnerabilities in ViArt Shop by injecting malicious script code into URL parameters. The PoC provides specific URLs that can be used to trigger the vulnerabilities.