CVE-2005-2386

CartWIZ 1.20 - Cross-Site Scripting via viewCart.asp Message Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2386. PoCs published by Zinho.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in CartWIZ due to improper input sanitization. The example URL demonstrates how an attacker could inject arbitrary script code via the 'message' parameter.

Description

Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ 1.20 allows remote attackers to inject arbitrary web script or HTML via the message parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Zinho · textwebappsasp
https://www.exploit-db.com/exploits/26033

The provided text describes a cross-site scripting (XSS) vulnerability in CartWIZ due to improper input sanitization. The example URL demonstrates how an attacker could inject arbitrary script code via the 'message' parameter.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: CartWIZ (version not specified)
No auth needed
Prerequisites: Access to a vulnerable CartWIZ instance · Ability to craft a malicious URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14386

Scores

EPSS 0.0138
EPSS Percentile 68.6%

Details

Status published
Products (2)
elemental_software/cartwiz 1.10
elemental_software/cartwiz 1.20
Published Jul 27, 2005
Tracked Since Feb 18, 2026