CVE-2006-5247

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-5247
Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow remote attackers to inject arbitrary web script or HTML via easycart.php, possibly related to the (1) des and (2) qty parameters in an add action, and via other unspecified vectors. NOTE: some details are obtained from third party information.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://secunia.com/advisories/22286 Exploit Vendor Advisory
http://securityreason.com/securityalert/1717
http://securitytracker.com/id?1017041
http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt Vendor Advisory
http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001 Vendor Advisory
http://www.securityfocus.com/archive/1/448094/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/29421
Configurations

Configuration 1 (hide)

cpe:2.3:a:eazy_cart:eazy_cart:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2006-10-12 00:07

Updated : 2024-02-04 17:13

NVD link : CVE-2006-5247

Mitre link : CVE-2006-5247

CVE.ORG link : CVE-2006-5247

JSON object : View

Products Affected

eazy_cart

  • eazy_cart
CWE
NVD-CWE-Other