CVE-2005-0606 Information

Description

Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5 as used in multiple PHP files allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id (2) PHPSESSID (3) view_doc (4) product (5) session (6) catname (7) search or (8) page parameters.

Reference

http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html http://secunia.com/advisories/14416 http://securitytracker.com/id?1013304 http://www.cubecart.com/site/forums/index.php?showtopic=6032 http://www.securityfocus.com/bid/12658 https://exchange.xforce.ibmcloud.com/vulnerabilities/20637