CVE-2004-0301
Description
Cross-site scripting (XSS) in Online Store Kit 3.0 more.php via id parameter allows remote attackers to inject arbitrary HTML.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting (XSS) in Online Store Kit 3.0 more.php via id parameter allows remote attackers to inject arbitrary HTML.
Vulnerability
Online Store Kit 3.0 contains a cross-site scripting (XSS) vulnerability in the more.php script. The id parameter is not properly sanitized, allowing remote attackers to inject arbitrary HTML [1].
Exploitation
An attacker can exploit this by crafting a malicious URL containing the id parameter with injected HTML or JavaScript. No special privileges or network position beyond standard web access is required [1].
Impact
Successful exploitation leads to reflection of attacker-controlled HTML or JavaScript in the victim's browser. This can result in session hijacking, phishing, or other client-side attacks within the context of the vulnerable site [1].
Mitigation
No official patch or fixed version is mentioned in the available references. As of the publication date (2004-11-23), users should consider upgrading to a newer version or applying input validation on the id parameter [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3cpe:2.3:a:ecommerce_corporation_online:store_kit:3.0_lite:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:ecommerce_corporation_online:store_kit:3.0_lite:*:*:*:*:*:*:*
- cpe:2.3:a:ecommerce_corporation_online:store_kit:3.0_pro:*:*:*:*:*:*:*
- cpe:2.3:a:ecommerce_corporation_online:store_kit:3.0_standard:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5News mentions
0No linked articles in our index yet.