Unrated severityNVD Advisory· Published Jul 5, 2005· Updated Jun 16, 2026
CVE-2005-2138
CVE-2005-2138
Description
Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an "A" tag in a review message.
Affected products
3cpe:2.3:a:comdev:comdev_ecommerce:3.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:comdev:comdev_ecommerce:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:comdev:comdev_ecommerce:3.1:*:*:*:*:*:*:*
- (no CPE)range: 3.0 and 3.1
Patches
Vulnerability mechanics
References
2- k.domaindlx.com/shellcore/advisories.aspnvdExploitVendor Advisory
- secunia.com/advisories/15865nvdVendor Advisory
News mentions
0No linked articles in our index yet.