CVE-2006-2649

2006-05-3010:00:00

mitre

www.cve.org

AI Score

5.9

Confidence

High

EPSS

0.04

Percentile

92.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, (b) search_cat.php, © search_price.php, and (d) product_details.php in the cosmicshop directory for CosmicShoppingCart allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, as demonstrated by the (1) query parameter in search.php and the (2) data parameter in search_cat.php.

References

archives.neohapsis.com/archives/fulldisclosure/2006-05/0683.html

secunia.com/advisories/20272

securitytracker.com/id?1016164

www.osvdb.org/26090

www.osvdb.org/26091

www.osvdb.org/26092

www.osvdb.org/26093

www.securityfocus.com/bid/18709

www.vupen.com/english/advisories/2006/1984

www.zone-h.org/advisories/read/id=9058

exchange.xforce.ibmcloud.com/vulnerabilities/26681