Published: 03/10/2006 Updated: 17/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 710

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote malicious users to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
devellion cubecart 2.0.5
devellion cubecart 2.0.6
devellion cubecart 2.0.2
devellion cubecart 2.0.3
devellion cubecart 2.0.4
devellion cubecart 2.0.0
devellion cubecart 2.0.1

source: wwwsecurityfocuscom/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input A successful exploit of these vulnerabilities could allow an at ...

source: wwwsecurityfocuscom/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input A successful exploit of these vulnerabilities could allow an atta ...

source: wwwsecurityfocuscom/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input A successful exploit of these vulnerabilities could allow an attacker ...

source: wwwsecurityfocuscom/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input A successful exploit of these vulnerabilities could allow an attack ...

source: wwwsecurityfocuscom/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input A successful exploit of these vulnerabilities could allow an ...

source: wwwsecurityfocuscom/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input A successful exploit of these vulnerabilities could allow an attacker t ...

NVD-CWE-Other http://www.securityfocus.com/bid/20215 http://secunia.com/advisories/22175 http://securityreason.com/securityalert/1662 http://www.vupen.com/english/advisories/2006/3818 http://www.osvdb.org/29249 http://www.osvdb.org/29248 http://www.osvdb.org/29247 http://www.osvdb.org/29251 http://www.osvdb.org/29250 http://www.osvdb.org/29252 http://www.osvdb.org/29246 https://exchange.xforce.ibmcloud.com/vulnerabilities/29177 http://www.securityfocus.com/archive/1/447009/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/28703/

CVE-2006-5108

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect