CVE-2004-2174
Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ProductCart allows remote attackers to inject arbitrary Javascript via the redirectUrl parameter.
| Software | From | Fixed in |
|---|---|---|
| early_impact / productcart | 1.5003r | 1.5003r.x |
| early_impact / productcart | 1.6002 | 1.6002.x |
| early_impact / productcart | 2.0 | 2.0.x |
| early_impact / productcart | 1.6b001 | 1.6b001.x |
| early_impact / productcart | 1.6br001 | 1.6br001.x |
| early_impact / productcart | 1.6b003 | 1.6b003.x |
| early_impact / productcart | 1.5 | 1.5.x |
| early_impact / productcart | 1.5004 | 1.5004.x |
| early_impact / productcart | 1.5002 | 1.5002.x |
| early_impact / productcart | 1.5003 | 1.5003.x |
| early_impact / productcart | 2.5 | 2.5.x |
| early_impact / productcart | 1.6b | 1.6b.x |
| early_impact / productcart | 1.6br003 | 1.6br003.x |
| early_impact / productcart | 2.0br000 | 2.0br000.x |
| early_impact / productcart | 1.6b002 | 1.6b002.x |
| early_impact / productcart | 1.6br | 1.6br.x |
| early_impact / productcart | 1.6003 | 1.6003.x |
- http://archives.neohapsis.com/archives/bugtraq/2004-02/0503.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0871.html
- http://secunia.com/advisories/10898
- http://securitytracker.com/alerts/2004/Feb/1009085.html
- http://www.earlyimpact.com/productcart/support/updates/ReadMe_ProductCart_Security_Patch_013004.txt
- http://www.osvdb.org/3980
- http://www.s-quadra.com/advisories/Adv-20040216.txt
- http://www.securityfocus.com/bid/9669
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15234
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime