Vulnerabilities > CVE-2005-0606 - Cross-Site Scripting vulnerability in CubeCart
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Exploit-Db
description | CubeCart 2.0.x Multiple Cross-Site Scripting Vulnerabilities. CVE-2005-0606. Webapps exploit for php platform |
id | EDB-ID:25162 |
last seen | 2016-02-03 |
modified | 2005-02-25 |
published | 2005-02-25 |
reporter | Lostmon |
source | https://www.exploit-db.com/download/25162/ |
title | CubeCart 2.0.x - Multiple Cross-Site Scripting Vulnerabilities |
Nessus
NASL family | CGI abuses |
NASL id | CUBECART_ADMIN_SETTINGS_XSS.NASL |
description | According to its banner, the version of CubeCart installed on the remote host suffers from multiple cross-site scripting and path disclosure vulnerabilities due to a failure to sanitize user input in |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 17260 |
published | 2005-03-03 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/17260 |
title | CubeCart < 2.0.6 settings.inc.php Multiple Script XSS |
References
- http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html
- http://secunia.com/advisories/14416
- http://securitytracker.com/id?1013304
- http://www.cubecart.com/site/forums/index.php?showtopic=6032
- http://www.securityfocus.com/bid/12658
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20637