CVE-2006-5247

Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow remote attackers to inject arbitrary web script or HTML via easycart.php, possibly related to the (1) des and (2) qty parameters in an add action, and via other unspecified vectors. NOTE: some details are obtained from third party information.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt	Vendor Advisory
http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001	Vendor Advisory
http://secunia.com/advisories/22286	Exploit Vendor Advisory
http://securitytracker.com/id?1017041
http://securityreason.com/securityalert/1717
https://exchange.xforce.ibmcloud.com/vulnerabilities/29421
http://www.securityfocus.com/archive/1/448094/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:eazy_cart:eazy_cart:*:*:*:*:*:*:*:*

Information

Published : 2006-10-11 17:07

Updated : 2018-10-17 14:41

NVD link : CVE-2006-5247

Mitre link : CVE-2006-5247

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

eazy_cart

eazy_cart

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt", "name": "http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001", "name": "http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/22286", "name": "22286", "tags": ["Exploit", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1017041", "name": "1017041", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securityreason.com/securityalert/1717", "name": "1717", "tags": [], "refsource": "SREASON"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29421", "name": "eazycart-easycart-xss(29421)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/448094/100/0/threaded", "name": "20061010 MHL-2006-001 Public Advisory: \"Eazy Cart\" Multiple Security Issues", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow remote attackers to inject arbitrary web script or HTML via easycart.php, possibly related to the (1) des and (2) qty parameters in an add action, and via other unspecified vectors. NOTE: some details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-5247", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-10-12T00:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:eazy_cart:eazy_cart:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:41Z"}