CVE-2006-5164 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum Effect Software digiSHOP 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sortBy or (2) search parameters.

Reference

http://secunia.com/advisories/22086 http://securityreason.com/securityalert/1687 http://www.securityfocus.com/archive/1/447506/100/0/threaded http://www.securityfocus.com/bid/20297 http://www.vupen.com/english/advisories/2006/3889 https://exchange.xforce.ibmcloud.com/vulnerabilities/29309