CVE-2005-1823

Exploitation Summary

EIP tracks 8 public exploits for CVE-2005-1823. PoCs published by CENSORED Search Vulnerabilities.

AI-analyzed exploit summary The provided text describes SQL injection and XSS vulnerabilities in X-Cart 4.0.8, with an example XSS payload. It lacks executable exploit code but details the attack vectors.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php.

Exploits (8)

exploitdb WRITEUP VERIFIED

by CENSORED Search Vulnerabilities · textwebappsphp

https://www.exploit-db.com/exploits/25765

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in X-Cart 4.0.8, with an example XSS payload. It lacks executable exploit code but details the attack vectors.

Classification

Writeup 90%

Attack Type

Xss | Sqli

Complexity

Trivial

Reliability

Theoretical

Target: X-Cart 4.0.8

No auth needed

Prerequisites: Access to the target application's search.php endpoint

MITRE ATT&CK

T1059.007 - JavaScript T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by CENSORED Search Vulnerabilities · textwebappsphp

https://www.exploit-db.com/exploits/25764

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in X-Cart 4.0.8, with an example XSS payload. It lacks executable exploit code but details the vulnerability and potential impact.

Classification

Writeup 90%

Attack Type

Xss | Sqli

Complexity

Trivial

Reliability

Theoretical

Target: X-Cart 4.0.8

No auth needed

Prerequisites: Access to the target application's register.php endpoint

MITRE ATT&CK

T1059.007 - JavaScript T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by CENSORED Search Vulnerabilities · textwebappsphp

https://www.exploit-db.com/exploits/25760

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in X-Cart 4.0.8, with example URLs demonstrating the XSS attack vectors. It lacks executable exploit code but provides technical details and attack vectors.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: X-Cart 4.0.8

No auth needed

Prerequisites: Access to the vulnerable X-Cart application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by CENSORED Search Vulnerabilities · textwebappsphp

https://www.exploit-db.com/exploits/25763

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in X-Cart 4.0.8, with an example XSS payload. It lacks executable exploit code but details the vulnerability and potential impact.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: X-Cart 4.0.8

No auth needed

Prerequisites: Access to the vulnerable X-Cart application

MITRE ATT&CK

T1059.007 - JavaScript T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by CENSORED Search Vulnerabilities · textwebappsphp

https://www.exploit-db.com/exploits/25759

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in X-Cart 4.0.8, with example URLs demonstrating XSS payloads. No actual exploit code is present, only a vulnerability description and proof-of-concept URLs.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: X-Cart 4.0.8

No auth needed

Prerequisites: Access to the target application URL

MITRE ATT&CK

T1059.007 - JavaScript T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by CENSORED Search Vulnerabilities · textwebappsphp

https://www.exploit-db.com/exploits/25762

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in X-Cart 4.0.8, with an example XSS payload. It lacks executable exploit code but details the attack vectors.

Classification

Writeup 90%

Attack Type

Xss | Sqli

Complexity

Trivial

Reliability

Theoretical

Target: X-Cart 4.0.8

No auth needed

Prerequisites: Access to the target application's help.php endpoint

MITRE ATT&CK

T1059.007 - JavaScript T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by CENSORED Search Vulnerabilities · textwebappsphp

https://www.exploit-db.com/exploits/25766

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in X-Cart 4.0.8, with example URLs demonstrating the XSS attack vectors. No actual exploit code is present, only a vulnerability description and proof-of-concept URLs.

Classification

Writeup 90%

Attack Type

Xss | Sqli

Complexity

Trivial

Reliability

Theoretical

Target: X-Cart 4.0.8

No auth needed

Prerequisites: Access to the vulnerable X-Cart application

MITRE ATT&CK

T1059.007 - JavaScript T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by CENSORED Search Vulnerabilities · textwebappsphp

https://www.exploit-db.com/exploits/25761

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in X-Cart 4.0.8, with an example XSS payload. It lacks executable exploit code but outlines the attack vectors.

Classification

Writeup 90%

Attack Type

Xss | Sqli

Complexity

Trivial

Reliability

Theoretical

Target: X-Cart 4.0.8

No auth needed

Prerequisites: Access to the vulnerable X-Cart instance

MITRE ATT&CK