LiveActive security incident?Get immediate response
CVE archive

April 2005

Browse CVE records published in April 2005, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 444 matching CVEs · Page 3 of 9.

Unknown · CVSS Not scored

CVE-2005-1292: Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject ar...

Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6) error.asp, or (7) sku or (8) name parameter to searchResults.asp.

Published Apr 26, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-1291: Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL...

Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp.

Published Apr 26, 2005 · Updated Aug 7, 2024