CVE-2006-5247 - Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow remote attackers to inject ar

CVE-2006-5247

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow remote attackers to inject arbitrary web script or HTML via easycart.php, possibly related to the (1) des and (2) qty parameters in an add action, and via other unspecified vectors. NOTE: some details are obtained from third party information.

References

Vulnerable Configurations

cpe:2.3:a:eazy_cart:eazy_cart:*:*:*:*:*:*:*:*
cpe:2.3:a:eazy_cart:eazy_cart:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 17-10-2018 - 21:41)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bugtraq	20061010 MHL-2006-001 Public Advisory: "Eazy Cart" Multiple Security Issues
misc	http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001
sectrack	1017041
secunia	22286
sreason	1717
xf	eazycart-easycart-xss(29421)

Last major update

17-10-2018 - 21:41

Published

12-10-2006 - 00:07

Last modified

17-10-2018 - 21:41