CVE-2005-3736

{"id": "CVE-2005-3736", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-11-22T00:03:00.000", "references": [{"url": "http://securitytracker.com/id?1015244", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/20993", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/20994", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/20995", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/20996", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015244", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/20993", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/20994", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/20995", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/20996", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart allow remote attackers to inject arbitrary web script or HTML via the (1) strgifttoname parameter in shopgift.asp, (2) strfirstname parameter in shopmaillist.asp, (3) strpid parameter in shopprojectlogin.asp, and (4) Custname parameter in shoptellafriend.asp."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en e-Quick Cart permiten a atacantes remotos inyectar 'script' web arbitrario o HTML mediante (1) el par\u00e1metro \"strgifttoname\" en shopgift.asp, (2) el par\u00e1metro \"strfirstname\" shopmaillist.asp, (3) el par\u00e1metro \"strpid\" en shopprojectlogin.asp, y (4) el par\u00e1metro \"Custname\" en shoptellafriend.asp.\r\n"}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:coastal_data_management:e-quick_cart:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "688882F7-8F2A-4BE5-824E-535405A8E673"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}