Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

CVE-2004-0301 (GCVE-0-2004-0301)

Vulnerability from cvelistv5 – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:10

Summary

Cross-site scripting (XSS) vulnerability in more.php for Online Store Kit 3.0 allows remote attackers to inject arbitrary HTML via the id parameter.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/9676	vdb-entryx_refsource_BID
	http://secunia.com/advisories/10902/	third-party-advisoryx_refsource_SECUNIA
	http://www.systemsecure.org/advisories/ssadvisory…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://securitytracker.com/alerts/2004/Feb/1009079.html	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:10:04.087Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "9676",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9676"
          },
          {
            "name": "10902",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/10902/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.systemsecure.org/advisories/ssadvisory16022004.php"
          },
          {
            "name": "onlinestorekit-more-xss(15235)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15235"
          },
          {
            "name": "1009079",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/alerts/2004/Feb/1009079.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-02-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in more.php for Online Store Kit 3.0 allows remote attackers to inject arbitrary HTML via the id parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "9676",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9676"
        },
        {
          "name": "10902",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/10902/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.systemsecure.org/advisories/ssadvisory16022004.php"
        },
        {
          "name": "onlinestorekit-more-xss(15235)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15235"
        },
        {
          "name": "1009079",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/alerts/2004/Feb/1009079.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0301",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in more.php for Online Store Kit 3.0 allows remote attackers to inject arbitrary HTML via the id parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "9676",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9676"
            },
            {
              "name": "10902",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/10902/"
            },
            {
              "name": "http://www.systemsecure.org/advisories/ssadvisory16022004.php",
              "refsource": "MISC",
              "url": "http://www.systemsecure.org/advisories/ssadvisory16022004.php"
            },
            {
              "name": "onlinestorekit-more-xss(15235)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15235"
            },
            {
              "name": "1009079",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/alerts/2004/Feb/1009079.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0301",
    "datePublished": "2004-03-18T05:00:00",
    "dateReserved": "2004-03-17T00:00:00",
    "dateUpdated": "2024-08-08T00:10:04.087Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-0300 (GCVE-0-2004-0300)

Vulnerability from cvelistv5 – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:10

Summary

SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/9676	vdb-entryx_refsource_BID
	http://www.securityfocus.com/bid/9687	vdb-entryx_refsource_BID
	http://www.osvdb.org/3973	vdb-entryx_refsource_OSVDB
	http://marc.info/?l=bugtraq&m=107712117913185&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.zone-h.org/en/advisories/read/id=3972/	x_refsource_MISC
	http://securitytracker.com/alerts/2004/Feb/1009092.html	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/10902/	third-party-advisoryx_refsource_SECUNIA
	http://www.systemsecure.org/advisories/ssadvisory…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:10:04.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "9676",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9676"
          },
          {
            "name": "9687",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9687"
          },
          {
            "name": "3973",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/3973"
          },
          {
            "name": "20040218 ZH2004-07SA (security advisory): Multiple Sql injection",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107712117913185\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zone-h.org/en/advisories/read/id=3972/"
          },
          {
            "name": "1009092",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/alerts/2004/Feb/1009092.html"
          },
          {
            "name": "10902",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/10902/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.systemsecure.org/advisories/ssadvisory16022004.php"
          },
          {
            "name": "onlinestorekit-more-sql-injection(15232)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15232"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-02-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "9676",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9676"
        },
        {
          "name": "9687",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9687"
        },
        {
          "name": "3973",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/3973"
        },
        {
          "name": "20040218 ZH2004-07SA (security advisory): Multiple Sql injection",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107712117913185\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zone-h.org/en/advisories/read/id=3972/"
        },
        {
          "name": "1009092",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/alerts/2004/Feb/1009092.html"
        },
        {
          "name": "10902",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/10902/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.systemsecure.org/advisories/ssadvisory16022004.php"
        },
        {
          "name": "onlinestorekit-more-sql-injection(15232)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15232"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0300",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "9676",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9676"
            },
            {
              "name": "9687",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9687"
            },
            {
              "name": "3973",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/3973"
            },
            {
              "name": "20040218 ZH2004-07SA (security advisory): Multiple Sql injection",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107712117913185\u0026w=2"
            },
            {
              "name": "http://www.zone-h.org/en/advisories/read/id=3972/",
              "refsource": "MISC",
              "url": "http://www.zone-h.org/en/advisories/read/id=3972/"
            },
            {
              "name": "1009092",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/alerts/2004/Feb/1009092.html"
            },
            {
              "name": "10902",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/10902/"
            },
            {
              "name": "http://www.systemsecure.org/advisories/ssadvisory16022004.php",
              "refsource": "MISC",
              "url": "http://www.systemsecure.org/advisories/ssadvisory16022004.php"
            },
            {
              "name": "onlinestorekit-more-sql-injection(15232)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15232"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0300",
    "datePublished": "2004-03-18T05:00:00",
    "dateReserved": "2004-03-17T00:00:00",
    "dateUpdated": "2024-08-08T00:10:04.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

2 vulnerabilities by ecommerce_corporation_online

CVE-2004-0301 (GCVE-0-2004-0301)

CVE-2004-0300 (GCVE-0-2004-0300)