CVE-2005-4293 | Vulnerability Database | Aqua Security

Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro (CCP) 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the affl parameter.

Affected Software

Name	Vendor	Start Version	End Version
Clickcartpro	Kryptronic	1.0 (including)	1.0 (including)
Clickcartpro	Kryptronic	2.0 (including)	2.0 (including)
Clickcartpro	Kryptronic	3.0 (including)	3.0 (including)
Clickcartpro	Kryptronic	3.1 (including)	3.1 (including)
Clickcartpro	Kryptronic	3.2 (including)	3.2 (including)
Clickcartpro	Kryptronic	3.3 (including)	3.3 (including)
Clickcartpro	Kryptronic	3.4 (including)	3.4 (including)
Clickcartpro	Kryptronic	3.5 (including)	3.5 (including)
Clickcartpro	Kryptronic	3.6 (including)	3.6 (including)
Clickcartpro	Kryptronic	4.0 (including)	4.0 (including)
Clickcartpro	Kryptronic	5.0 (including)	5.0 (including)
Clickcartpro	Kryptronic	5.1 (including)	5.1 (including)

References

http://pridels0.blogspot.com/2005/12/clickcartpro-ccp-xss-vuln.html
http://secunia.com/advisories/17927
http://www.attrition.org/pipermail/vim/2006-January/000510.html
http://www.clickcartpro.com/forum/index.php?showtopic=12172
http://www.osvdb.org/21716
http://www.securityfocus.com/bid/15896
http://www.vupen.com/english/advisories/2005/2914

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-4293
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html