Vulnerabilities

CVE-2005-0606

by Fred · 01/03/2005

Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters.

Date published : 2005-03-01

http://www.securityfocus.com/bid/12658

http://www.cubecart.com/site/forums/index.php?showtopic=6032

Similar

Tags: Cybersecurity Alert