[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-2649Date: (C)2006-05-30   (M)2023-12-22


Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, (b) search_cat.php, (c) search_price.php, and (d) product_details.php in the cosmicshop directory for CosmicShoppingCart allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, as demonstrated by the (1) query parameter in search.php and the (2) data parameter in search_cat.php.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1016164
BID-18709
http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0683.html
SECUNIA-20272
OSVDB-26090
OSVDB-26091
OSVDB-26092
OSVDB-26093
ADV-2006-1984
cosmicshoppingcart-search-xss(26681)
http://www.zone-h.org/advisories/read/id=9058

CWE    1
CWE-79

© SecPod Technologies