Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2006-0245
Last Modified 07 Mar 2011 09:29:38
Published 17 Jan 2006 08:51:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0245

Summary

Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action in index.php. NOTE: the cart.php/redir and index.php/searchStr vectors are already covered by CVE-2005-3152.

Vulnerable Systems

Application

  • Devellion Cubecart 3.0.7-pl1


References

VUPEN - ADV-2006-0227

BID - 16259

OSVDB - 22471

SECUNIA - 18519

MISC - http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html

MISC - http://bugs.cubecart.com/?do=details&id=459

XF - cubecart-index-script-xss(24177)


Last Updated: 27 May 2016 10:41:35