FKIE_CVE-2005-4530

Vulnerability from fkie_nvd - Published: 2005-12-28 01:03 - Updated: 2026-04-16 00:27
Summary
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) subscriptions.htm, (5) send.htm, (6) request.htm, (7) forgot.htm, (8) escrow.htm, (9) donations.htm, and (10) products.htm.
References
cve@mitre.org http://pridels0.blogspot.com/2005/12/alstrasoft-epay-enterprise-v30-xss.html
cve@mitre.org http://secunia.com/advisories/18153 (Vendor Advisory)
cve@mitre.org http://www.osvdb.org/21883
cve@mitre.org http://www.osvdb.org/21884
cve@mitre.org http://www.osvdb.org/21885
cve@mitre.org http://www.osvdb.org/21886
cve@mitre.org http://www.osvdb.org/21887
cve@mitre.org http://www.osvdb.org/21888
cve@mitre.org http://www.osvdb.org/21889
cve@mitre.org http://www.osvdb.org/21890
cve@mitre.org http://www.osvdb.org/21891
cve@mitre.org http://www.osvdb.org/21892
cve@mitre.org http://www.securityfocus.com/bid/16055
cve@mitre.org http://www.vupen.com/english/advisories/2005/3074
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/23852
af854a3a-2127-422b-91ae-364da2661108 http://pridels0.blogspot.com/2005/12/alstrasoft-epay-enterprise-v30-xss.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/18153 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/21883
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/21884
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/21885
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/21886
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/21887
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/21888
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/21889
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/21890
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/21891
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/21892
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/16055
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2005/3074
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/23852
Impacted products
Vendor Product Version
alstrasoft epay 3.0

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:alstrasoft:epay:3.0:*:pro:*:*:*:*:*",
              "matchCriteriaId": "FA7D0F6E-2880-4443-8B8C-FFEE9579DA82",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) subscriptions.htm, (5) send.htm, (6) request.htm, (7) forgot.htm, (8) escrow.htm, (9) donations.htm, and (10) products.htm."
    }
  ],
  "id": "CVE-2005-4530",
  "lastModified": "2026-04-16T00:27:16.627",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2005-12-28T01:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://pridels0.blogspot.com/2005/12/alstrasoft-epay-enterprise-v30-xss.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18153"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/21883"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/21884"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/21885"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/21886"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/21887"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/21888"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/21889"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/21890"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/21891"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/21892"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/16055"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/3074"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://pridels0.blogspot.com/2005/12/alstrasoft-epay-enterprise-v30-xss.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/21883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/21884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/21885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/21886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/21887"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/21888"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/21889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/21890"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/21891"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/21892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/16055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/3074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23852"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

