2 matches found
CVE-2005-0606
Cross-site scripting XSS vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the 1 catid, 2 PHPSESSID, 3 viewdoc, 4 product, 5 session, 6 catname, 7 search, or 8 page parameters...
CVE-2005-0606
CubeCart 2.0.0–2.0.5 contains a Cross‑Site Scripting (XSS) vulnerability in settings.inc.php. The issue allows remote attackers to inject arbitrary HTML/web script via any of the following parameters used across multiple PHP files: cat_id, PHPSESSID, view_doc, product, session, catname, search, o...