Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2006-5190

Published: 10/10/2006 Updated: 05/10/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 515
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Oscommerce

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote malicious users to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php.

Vulnerable Product Search on Vulmon Subscribe to Product

oscommerce oscommerce 2.2_cvs

oscommerce oscommerce 2.2_ms1

oscommerce oscommerce 1.13

oscommerce oscommerce 1.5.1

oscommerce oscommerce 2.1

oscommerce oscommerce 1.11

oscommerce oscommerce 1.12

oscommerce oscommerce

oscommerce oscommerce 1.1

oscommerce oscommerce 2.2_ms2

oscommerce oscommerce 2.2_ms3

Exploits

Exploit DB: osCommerce 2.2 - '/admin/countries.php?page' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may help the attacker steal cookie-based authentication credentials ...
Exploit DB: osCommerce 2.2 - '/admin/orders_status.php?page' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may help the attacker steal cookie-based authentication cre ...
Exploit DB: osCommerce 2.2 - '/admin/manufacturers.php?page' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may help the attacker steal cookie-based authentication credent ...
Exploit DB: osCommerce 2.2 - '/admin/zones.php?page' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may help the attacker steal cookie-based ...
Exploit DB: osCommerce 2.2 - '/admin/banner_manager.php?page' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may help the attacker steal cookie-based authentication credentials and ...
Exploit DB: osCommerce 2.2 - '/admin/newsletters.php?page' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may help the attacker steal cookie-based authentication crede ...
Exploit DB: osCommerce 2.2 - '/admin/tax_rates.php?page' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may help the attacker steal cookie-based au ...
Exploit DB: osCommerce 2.2 - '/admin/languages.php?page' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may help the attacker steal cookie-based authentication credentia ...
Exploit DB: osCommerce 2.2 - '/admin/stats_products_viewed.php?page' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may help the attacker steal cookie-based authen ...
Exploit DB: osCommerce 2.2 - '/admin/specials.php?page' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may help the attacker steal cookie-based authentica ...
Exploit DB: osCommerce 2.2 - '/admin/products_expected.php?page' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may help the attacker steal cookie-based authentication ...
Exploit DB: osCommerce 2.2 - '/admin/reviews.php?page' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may help the attacker steal cookie-based authenticati ...
Exploit DB: osCommerce 2.2 - '/admin/currencies.php?page' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may help the attacker steal cookie-based authentication credentials ...
Exploit DB: osCommerce 2.2 - '/admin/stats_products_purchased.php?page' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may help the attacker steal cookie-based authenti ...
Exploit DB: osCommerce 2.2 - '/admin/tax_classes.php?page' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may help the attacker steal cookie-based auth ...
Exploit DB: osCommerce 2.2 - '/admin/products_attributes.php?page' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may help the attacker steal cookie-based authentication c ...
Exploit DB: osCommerce 2.2 - '/admin/banner_statistics.php?page' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may help the attacker steal cookie-based authentication credentials a ...

References

NVD-CWE-Otherhttp://lostmon.blogspot.com/2006/10/oscommerce-multiple-scripts-page-param.htmlhttp://www.securityfocus.com/bid/20343http://securitytracker.com/id?1016979http://secunia.com/advisories/22275http://www.osvdb.org/29795http://www.osvdb.org/29796http://www.osvdb.org/29797http://www.osvdb.org/29798http://www.osvdb.org/29799http://www.osvdb.org/29800http://www.osvdb.org/29801http://www.osvdb.org/29802http://www.osvdb.org/29805http://www.osvdb.org/29806http://www.osvdb.org/29807http://www.osvdb.org/29808http://www.osvdb.org/29809http://www.osvdb.org/29810http://www.osvdb.org/29811http://www.osvdb.org/29803http://www.osvdb.org/29804http://www.vupen.com/english/advisories/2006/3917https://exchange.xforce.ibmcloud.com/vulnerabilities/29355https://www.exploit-db.com/exploits/28759/https://www.exploit-db.com/exploits/28758/https://www.exploit-db.com/exploits/28757/https://www.exploit-db.com/exploits/28756/https://www.exploit-db.com/exploits/28755/https://www.exploit-db.com/exploits/28754/https://www.exploit-db.com/exploits/28753/https://www.exploit-db.com/exploits/28752/https://www.exploit-db.com/exploits/28750/https://www.exploit-db.com/exploits/28749/https://www.exploit-db.com/exploits/28748/https://www.exploit-db.com/exploits/28747/https://www.exploit-db.com/exploits/28746/https://www.exploit-db.com/exploits/28745/https://www.exploit-db.com/exploits/28744/https://www.exploit-db.com/exploits/28743/https://nvd.nist.govhttps://www.exploit-db.com/exploits/28745/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook