CVE-2006-5164

Properties

Published:
04.10.2006
Updated:
22.10.2018
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Product:
sum_effect_software: digishop

Vulnerability description

Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum Effect Software digiSHOP 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sortBy or (2) search parameters.

References:

SREASON: http://securityreason.com/securityalert/1687
BUGTRAQ: http://www.securityfocus.com/archive/1/447506/100/0/threaded
BID: http://www.securityfocus.com/bid/20297
VUPEN: http://www.vupen.com/english/advisories/2006/3889
XF: https://exchange.xforce.ibmcloud.com/vulnerabilities/29309