Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3187

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-3187
Last Modified 07 Mar 2011 09:38:03
Published 22 Jun 2006 08:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-3187

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) maingroup and (2) secondgroup parameters to (a) search_prod_list.asp, and the (3) maingroup parameter to (b) meny2.asp. NOTE: it is possible that this is resultant from SQL injection or a forced SQL error.

Vulnerable Systems

Application

  • Sharky E-shop 3.05


References

XF - sharky-meny2-searchprodlist-xss(27207)

VUPEN - ADV-2006-2426

BID - 18532

BID - 18530

MISC - http://pridels0.blogspot.com/2006/06/sharky-e-shop-xss.html


Last Updated: 27 May 2016 10:42:54