Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, (b) search_cat.php, (c) search_price.php, and (d) product_details.php in the cosmicshop directory for CosmicShoppingCart allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, as demonstrated by the (1) query parameter in search.php and the (2) data parameter in search_cat.php.
References
Configurations
History
21 Nov 2024, 00:11
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0683.html - | |
References | () http://secunia.com/advisories/20272 - Exploit, Vendor Advisory | |
References | () http://securitytracker.com/id?1016164 - | |
References | () http://www.osvdb.org/26090 - | |
References | () http://www.osvdb.org/26091 - | |
References | () http://www.osvdb.org/26092 - | |
References | () http://www.osvdb.org/26093 - | |
References | () http://www.securityfocus.com/bid/18709 - | |
References | () http://www.vupen.com/english/advisories/2006/1984 - Vendor Advisory | |
References | () http://www.zone-h.org/advisories/read/id=9058 - Exploit, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/26681 - |
Information
Published : 2006-05-30 10:02
Updated : 2024-11-21 00:11
NVD link : CVE-2006-2649
Mitre link : CVE-2006-2649
CVE.ORG link : CVE-2006-2649
JSON object : View
Products Affected
cosmicphp
- cosmicshoppingcart
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')