Vulnerability Details CVE-2005-0606
Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.08
EPSS Ranking 91.6%
CVSS Severity
CVSS v2 Score 4.3
References
- http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html
- http://secunia.com/advisories/14416
- http://securitytracker.com/id?1013304
- http://www.cubecart.com/site/forums/index.php?showtopic=6032
- http://www.securityfocus.com/bid/12658
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20637
- http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html
- http://secunia.com/advisories/14416
- http://securitytracker.com/id?1013304
- http://www.cubecart.com/site/forums/index.php?showtopic=6032
- http://www.securityfocus.com/bid/12658
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20637
Products affected by CVE-2005-0606
-
cpe:2.3:a:devellion:cubecart:2.0.0
-
cpe:2.3:a:devellion:cubecart:2.0.1
-
cpe:2.3:a:devellion:cubecart:2.0.2
-
cpe:2.3:a:devellion:cubecart:2.0.3
-
cpe:2.3:a:devellion:cubecart:2.0.5