CVE Identifier: CVE-2004-0675
Vulnerability: Cross-Site Scripting (XSS)
Affected Product: McMurtrey/Whitaker & Associates Cart32
CVSS Base Score: 5.6
Access Vector: Remote
Access Complexity: High
Authentication: Not Required

Impact:
- Confidentiality: Partial
- Integrity: Partial
- Availability: Partial

Description: An attacker can insert a script containing malicious code in the cart32 variable, which would be executed in the victim's Web browser within the security context of the hosting site, once the URL is clicked. This can lead to the theft of the victim's cookie-based authentication credentials.

Consequences: Gain Access

Remedy: No remedy available as of September 1, 2014.

References:
- BID-10617
- CVE-2004-0675
- Cart32 Web site
- OSVDB ID: 7279