CVE-2006-5247

Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow remote attackers to inject arbitrary web script or HTML via easycart.php, possibly related to the (1) des and (2) qty parameters in an add action, and via other unspecified vectors. NOTE: some details are obtained from third party information.

Score6.8
Access VectorNETWORK
Access ComplexityMEDIUM
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2006-10-11 08:07:00.000-04
Last Modified2018-10-17 05:41:54.000-04

Vulnerable Software List

VendorProductVersions
Eazy Cart Eazy Cart

References

SourceLink
SREASON1717
SECTRACK1017041
MISChttp://www.mayhemiclabs.com/advisories/MHL-2006-01.txt
MISChttp://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001
BUGTRAQ20061010 MHL-2006-001 Public Advisory: "Eazy Cart" Multiple Security Issues
XFeazycart-easycart-xss(29421)