CVE-2005-1162

Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=111352017704126&w=2
http://secunia.com/advisories/14969	Patch Vendor Advisory
http://securitytracker.com/id?1013720	Exploit Patch
http://www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab	Vendor Advisory URL Repurposed
http://www.osvdb.org/15521	Exploit
http://www.osvdb.org/15522	Exploit
http://www.osvdb.org/15523	Exploit
http://www.securityfocus.com/bid/13184	Exploit Patch
http://www.securityfocus.com/bid/13185	Exploit Patch
http://www.securityfocus.com/bid/13186	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/20096
http://marc.info/?l=bugtraq&m=111352017704126&w=2
http://secunia.com/advisories/14969	Patch Vendor Advisory
http://securitytracker.com/id?1013720	Exploit Patch
http://www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab	Vendor Advisory URL Repurposed
http://www.osvdb.org/15521	Exploit
http://www.osvdb.org/15522	Exploit
http://www.osvdb.org/15523	Exploit
http://www.securityfocus.com/bid/13184	Exploit Patch
http://www.securityfocus.com/bid/13185	Exploit Patch
http://www.securityfocus.com/bid/13186	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/20096

Configurations

Configuration 1 (hide)

cpe:2.3:a:oneworldstore:oneworldstore:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-05-02 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2005-1162

Mitre link : CVE-2005-1162

CVE.ORG link : CVE-2005-1162

JSON object : View

Products Affected

oneworldstore

oneworldstore

CWE

NVD-CWE-Other

{"id": "CVE-2005-1162", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=111352017704126&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/14969", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1013720", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab", "tags": ["Vendor Advisory", "URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/15521", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/15522", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/15523", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/13184", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/13185", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/13186", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20096", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=111352017704126&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/14969", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1013720", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab", "tags": ["Vendor Advisory", "URL Repurposed"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/15521", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/15522", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/15523", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/13184", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/13185", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/13186", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20096", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oneworldstore:oneworldstore:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "200AFE97-E718-41C0-86A0-9FE8030AAA52"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}