CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2006-4525 – CubeCart < 3.0.12 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-4525
Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en CubeCart 3.0.12 y anteriores, cuando register_globals está habilitado, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el array links. • https://www.exploit-db.com/exploits/43840 http://cubecart.com/site/forums/index.php?showtopic=21540 http://secunia.com/advisories/21659 http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697 http://www.gulftech.org/?node=research&article_id=00111-08282006& http://www.securityfocus.com/bid/19782 •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 4CVE-2005-0606 – CubeCart 2.0.x - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-0606
Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters. • https://www.exploit-db.com/exploits/25162 http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html http://secunia.com/advisories/14416 http://securitytracker.com/id?1013304 http://www.cubecart.com/site/forums/index.php?showtopic=6032 http://www.securityfocus.com/bid/12658 https://exchange.xforce.ibmcloud.com/vulnerabilities/20637 •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2005-0607
https://notcve.org/view.php?id=CVE-2005-0607
CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message. • http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html http://securitytracker.com/id?1013304 http://www.cubecart.com/site/forums/index.php?showtopic=6032 https://exchange.xforce.ibmcloud.com/vulnerabilities/20638 •