Unrated severityNVD Advisory· Published May 3, 2005· Updated Apr 16, 2026

CVE-2005-1440

Description

Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and forum_thread.php, (3) the page parameter to page.php, (4) category_id and item_id parameters to reviews.php, (5) the category_id parameter to product_details.php, (6) the category_id or search_string parameters to products.php, or (7) the rp or page parameters to news_view.php.

Affected products

Codetosell/Viart Shop Enterprise
cpe:2.3:a:codetosell:viart_shop_enterprise:2.1.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lostmon.blogspot.com/2005/04/viart-shop-enterprise-multiple.htmlnvdExploit
securitytracker.com/idnvdExploit
www.osvdb.org/15951nvdExploitVendor Advisory
www.securityfocus.com/bid/13462nvdExploit
secunia.com/advisories/15181nvd
www.osvdb.org/15952nvd
www.osvdb.org/15953nvd
www.osvdb.org/15954nvd
www.osvdb.org/15955nvd
www.osvdb.org/15956nvd
www.osvdb.org/15957nvd
www.osvdb.org/15958nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000