CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-4525

Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.022

EPSS Ranking 83.6%

CVSS Severity

CVSS v2 Score 4.3

References

http://cubecart.com/site/forums/index.php?showtopic=21540
http://secunia.com/advisories/21659
http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697
http://www.gulftech.org/?node=research&article_id=00111-08282006&
http://www.securityfocus.com/bid/19782
http://cubecart.com/site/forums/index.php?showtopic=21540
http://secunia.com/advisories/21659
http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697
http://www.gulftech.org/?node=research&article_id=00111-08282006&
http://www.securityfocus.com/bid/19782

Products affected by CVE-2006-4525

Devellion » Cubecart » Version: Any

cpe:2.3:a:devellion:cubecart:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-4525

Products

Pricing

Contact Us