CVE-2006-5631
CVE-2006-5631: XSS in iG Shop 1.4's change_pass.php. Vulnerable when action parameter is not "1" (arbitrary query strings may inject script/HTML). Affected file: change_pass.php in iG Shop 1.4. CVSS v2 base score 6.8 (Medium). Mitigations in connected PT Security notes suggest restricting access ...