CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 5CVE-2005-3152 – CubeCart 3.0.3 - 'cart.php?redir' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3152
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1. • https://www.exploit-db.com/exploits/26304 https://www.exploit-db.com/exploits/26303 http://bugs.cubecart.com/?do=details&id=363 http://bugs.cubecart.com/?do=details&id=459 http://lostmon.blogspot.com/2005/09/cubecart-303-multiple-variable-cross.html http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html http://securityreason.com/securityalert/35 http://securitytracker.com/id?1014984 http://www.securityfocus.com/bid/14962 https://exchange.xforce.ibmcloud. •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 4CVE-2005-1033 – CubeCart 2.0.x - 'index.php' Multiple Full Path Disclosures
https://notcve.org/view.php?id=CVE-2005-1033
CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message. • https://www.exploit-db.com/exploits/25355 https://www.exploit-db.com/exploits/25356 https://www.exploit-db.com/exploits/25357 https://www.exploit-db.com/exploits/25358 http://marc.info/?l=bugtraq&m=111281457918479&w=2 http://securitytracker.com/id?1013660 http://www.osvdb.org/14064 •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 4CVE-2005-0606 – CubeCart 2.0.x - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-0606
Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters. • https://www.exploit-db.com/exploits/25162 http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html http://secunia.com/advisories/14416 http://securitytracker.com/id?1013304 http://www.cubecart.com/site/forums/index.php?showtopic=6032 http://www.securityfocus.com/bid/12658 https://exchange.xforce.ibmcloud.com/vulnerabilities/20637 •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2005-0607
https://notcve.org/view.php?id=CVE-2005-0607
CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message. • http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html http://securitytracker.com/id?1013304 http://www.cubecart.com/site/forums/index.php?showtopic=6032 https://exchange.xforce.ibmcloud.com/vulnerabilities/20638 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2005-0443 – Brooky CubeCart 2.0.1/2.0.4 - 'index.php?language' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-0443
index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message. • https://www.exploit-db.com/exploits/25097 http://marc.info/?l=bugtraq&m=110842125901191&w=2 http://www.cubecart.com/site/forums/index.php?showtopic=5741 http://www.osvdb.org/14064 http://www.securityfocus.com/bid/12549 https://exchange.xforce.ibmcloud.com/vulnerabilities/19328 •