Lucene search

[email protected]CVE-2006-5164

HistoryOct 05, 2006 - 4:04 a.m.

CVE-2006-5164

2006-10-0504:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-5164

cross-site scripting

xss

vulnerabilities

sum effect software

digishop 4.0

cart.php

sortby parameter

search parameter

6.3 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.065 Low

EPSS

Percentile

93.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum Effect Software digiSHOP 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sortBy or (2) search parameters.

CPENameOperatorVersion
sum_effect_software:digishopsum effect software digishopeq4.0

CPE	Name	Operator	Version
sum_effect_software:digishop	sum effect software digishop	eq	4.0

References

secunia.com/advisories/22086

securityreason.com/securityalert/1687

www.securityfocus.com/archive/1/447506/100/0/threaded

www.securityfocus.com/bid/20297

www.vupen.com/english/advisories/2006/3889

exchange.xforce.ibmcloud.com/vulnerabilities/29309

6.3 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.065 Low

EPSS

Percentile

93.6%

JSON