Lucene search

K
cveMitreCVE-2006-0245
HistoryJan 18, 2006 - 2:00 a.m.

CVE-2006-0245

2006-01-1802:00:00
mitre
web.nvd.nist.gov
26
cve-2006-0245
cross-site scripting
xss
cubecart
web security
remote attack

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.016

Percentile

87.4%

Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action in index.php. NOTE: the cart.php/redir and index.php/searchStr vectors are already covered by CVE-2005-3152.

Affected configurations

Nvd
Node
devellioncubecartMatch3.0.7-pl1
VendorProductVersionCPE
devellioncubecart3.0.7-pl1cpe:2.3:a:devellion:cubecart:3.0.7-pl1:*:*:*:*:*:*:*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.016

Percentile

87.4%