CVE-2006-2669 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping Mall 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter in search.php (the \search box) (2) the prodid parameter in detail.php and the (3) cid parameter in products.php.

Reference

http://secunia.com/advisories/20295 http://securityreason.com/securityalert/990 http://www.osvdb.org/26080 http://www.osvdb.org/26081 http://www.osvdb.org/26082 http://www.securityfocus.com/archive/1/435018/100/0/threaded http://www.securityfocus.com/bid/18706 http://www.vupen.com/english/advisories/2006/1991 https://exchange.xforce.ibmcloud.com/vulnerabilities/26690