CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2006-4525 – CubeCart < 3.0.12 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-4525
Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en CubeCart 3.0.12 y anteriores, cuando register_globals está habilitado, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el array links. • https://www.exploit-db.com/exploits/43840 http://cubecart.com/site/forums/index.php?showtopic=21540 http://secunia.com/advisories/21659 http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697 http://www.gulftech.org/?node=research&article_id=00111-08282006& http://www.securityfocus.com/bid/19782 •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 4CVE-2005-1033 – CubeCart 2.0.x - 'index.php' Multiple Full Path Disclosures
https://notcve.org/view.php?id=CVE-2005-1033
CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message. • https://www.exploit-db.com/exploits/25355 https://www.exploit-db.com/exploits/25356 https://www.exploit-db.com/exploits/25357 https://www.exploit-db.com/exploits/25358 http://marc.info/?l=bugtraq&m=111281457918479&w=2 http://securitytracker.com/id?1013660 http://www.osvdb.org/14064 •