CVE-2006-5190 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php (b) banner_statistics.php (c) countries.php (d) currencies.php (e) languages.php (f) manufacturers.php (g) newsletters.php (h) orders_status.php (i) products_attributes.php (j) products_expected.php (k) reviews.php (l) specials.php (m) stats_products_purchased.php (n) stats_products_viewed.php (o) tax_classes.php (p) tax_rates.php or (q) zones.php scripts in /admin and the (2) zpage parameter in (r) admin/geo_zones.php.
Reference
http://lostmon.blogspot.com/2006/10/oscommerce-multiple-scripts-page-param.html http://secunia.com/advisories/22275 http://securitytracker.com/id?1016979 http://www.osvdb.org/29795 http://www.osvdb.org/29796 http://www.osvdb.org/29797 http://www.osvdb.org/29798 http://www.osvdb.org/29799 http://www.osvdb.org/29800 http://www.osvdb.org/29801 http://www.osvdb.org/29802 http://www.osvdb.org/29803 http://www.osvdb.org/29804 http://www.osvdb.org/29805 http://www.osvdb.org/29806 http://www.osvdb.org/29807 http://www.osvdb.org/29808 http://www.osvdb.org/29809 http://www.osvdb.org/29810 http://www.osvdb.org/29811 http://www.securityfocus.com/bid/20343 http://www.vupen.com/english/advisories/2006/3917 https://exchange.xforce.ibmcloud.com/vulnerabilities/29355 https://www.exploit-db.com/exploits/28743/ https://www.exploit-db.com/exploits/28744/ https://www.exploit-db.com/exploits/28745/ https://www.exploit-db.com/exploits/28746/ https://www.exploit-db.com/exploits/28747/ https://www.exploit-db.com/exploits/28748/ https://www.exploit-db.com/exploits/28749/ https://www.exploit-db.com/exploits/28750/ https://www.exploit-db.com/exploits/28752/ https://www.exploit-db.com/exploits/28753/ https://www.exploit-db.com/exploits/28754/ https://www.exploit-db.com/exploits/28755/ https://www.exploit-db.com/exploits/28756/ https://www.exploit-db.com/exploits/28757/ https://www.exploit-db.com/exploits/28758/ https://www.exploit-db.com/exploits/28759/
Share on: