Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3030

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-3030
Last Modified 07 Mar 2011 09:37:30
Published 15 Jun 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-3030

Summary

Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping Cart 1.1.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ToCategory and (2) FromCategory parameters to (a) ProductDetailsForm.asp and (3) UserName and (4) Password parameters to (b) LogIn/VerifyUserLog.asp.

Vulnerable Systems

Application

  • Dwzone Shopping Cart 1.1.9


References

XF - dwzone-productdetailsform-xss(27032)

VUPEN - ADV-2006-2291

OSVDB - 26402

OSVDB - 26401

SECUNIA - 20603

MISC - http://pridels0.blogspot.com/2006/06/dwzone-shopping-cart-xss-vuln.html


Last Updated: 27 May 2016 10:42:52