CVE-2006-5164

Properties

Published:
04.10.2006
Updated:
06.10.2006
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Product:
Sum Effect Software: digiSHOP

Vulnerability description

Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum Effect Software digiSHOP 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sortBy or (2) search parameters.

References:

BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/447506/100/0/threaded
BID: http://www.securityfocus.com/bid/20297
SECUNIA: http://secunia.com/advisories/22086