CVE-2006-2124 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prevaction (2) previd (3) prevstart (4) itemid (5) id and (6) action parameters in index.php.

Reference

http://pridels0.blogspot.com/2006/05/sunshop-xss-vuln.html http://secunia.com/advisories/19871 http://www.osvdb.org/25119 http://www.securityfocus.com/bid/17770 http://www.vupen.com/english/advisories/2006/1582 https://exchange.xforce.ibmcloud.com/vulnerabilities/26180