CVE-2006-2649 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, (b) search_cat.php, (c) search_price.php, and (d) product_details.php in the cosmicshop directory for CosmicShoppingCart allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, as demonstrated by (1) the query parameter in search.php and (2) the data parameter in search_cat.php.
Reference
http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0683.html
http://secunia.com/advisories/20272
http://securitytracker.com/id?1016164
http://www.osvdb.org/26090
http://www.osvdb.org/26091
http://www.osvdb.org/26092
http://www.osvdb.org/26093
http://www.securityfocus.com/bid/18709
http://www.vupen.com/english/advisories/2006/1984
http://www.zone-h.org/advisories/read/id=9058
https://exchange.xforce.ibmcloud.com/vulnerabilities/26681