CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-1682

Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft Web+Shop 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the deptname parameter, possibly involving the webpshop/ department.wml script.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 66.0%

CVSS Severity

CVSS v2 Score 4.3

References

http://pridels0.blogspot.com/2006/04/web-shop-50-xss.html
http://secunia.com/advisories/19594
http://www.securityfocus.com/bid/17418
http://www.vupen.com/english/advisories/2006/1289
https://exchange.xforce.ibmcloud.com/vulnerabilities/25721
http://pridels0.blogspot.com/2006/04/web-shop-50-xss.html
http://secunia.com/advisories/19594
http://www.securityfocus.com/bid/17418
http://www.vupen.com/english/advisories/2006/1289
https://exchange.xforce.ibmcloud.com/vulnerabilities/25721

Products affected by CVE-2006-1682

Talentsoft » Web+ Shop » Version: 5.0

cpe:2.3:a:talentsoft:web+_shop:5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-1682

Products

Pricing

Contact Us