CVSS: 6.8EPSS: 17%CPEs: 6EXPL: 4CVE-2006-4268
https://notcve.org/view.php?id=CVE-2006-4268
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en CubeCart 3.0.11 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros (1) file, (2) x, e (3) y en (a) admin/filemanager/preview.php; y el parámetro (4) email en (b) admin/login.php. • http://bugs.cubecart.com/?do=details&id=523 http://retrogod.altervista.org/cubecart_3011_adv.html http://secunia.com/advisories/21538 http://securityreason.com/securityalert/1429 http://securitytracker.com/id?1016708 http://www.cubecart.com/site/forums/index.php?showtopic=21247 http://www.osvdb.org/27987 http://www.osvdb.org/displayvuln.php?osvdb_id=27986 http://www.securityfocus.com/archive/1/443476/100/0/threaded http://www.securityfocus.com/bid/19563 http://www.vupen •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 6CVE-2006-4267 – CubeCart 3.0.11 - 'oid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2006-4267
Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php. Múltiples vulnerabilidades de inyección SQL en Cubecart 3.0.11 y anteriores permiten a atacantes remotos ejecuatr comandos SWL de su elección mediante el parámetro (1) oid en modules/gateway/Protx/confirmed.php y el parámetro (2) x_invoice_num en modules/gateway/Authorize/confirmed.php. • https://www.exploit-db.com/exploits/2198 http://bugs.cubecart.com/?do=details&id=523 http://retrogod.altervista.org/cubecart_3011_adv.html http://retrogod.altervista.org/cubecart_3011_sql.html http://retrogod.altervista.org/cubecart_3011_sql_mqg_bypass.html http://secunia.com/advisories/21538 http://securityreason.com/securityalert/1429 http://securitytracker.com/id?1016708 http://www.cubecart.com/site/forums/index.php?showtopic=21247 http://www.osvdb.org/27984 http://www.os •
CVSS: 5.0EPSS: 5%CPEs: 11EXPL: 1CVE-2006-0922 – CubeCart 3.0.x - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2006-0922
CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote attackers to upload arbitrary files via a modified CurrentFolder parameter in a direct request to admin/filemanager/upload.php. • https://www.exploit-db.com/exploits/27304 http://securityreason.com/securityalert/482 http://www.cubecart.com/site/forums/index.php?showtopic=14704 http://www.cubecart.com/site/forums/index.php?showtopic=14817 http://www.cubecart.com/site/forums/index.php?showtopic=14825 http://www.cubecart.com/site/forums/index.php?showtopic=14960 http://www.cubecart.com/site/forums/index.php? •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 4CVE-2006-0245
https://notcve.org/view.php?id=CVE-2006-0245
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action in index.php. NOTE: the cart.php/redir and index.php/searchStr vectors are already covered by CVE-2005-3152. • http://bugs.cubecart.com/?do=details&id=459 http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html http://secunia.com/advisories/18519 http://www.osvdb.org/22471 http://www.securityfocus.com/bid/16259 http://www.vupen.com/english/advisories/2006/0227 https://exchange.xforce.ibmcloud.com/vulnerabilities/24177 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 5CVE-2005-3152 – CubeCart 3.0.3 - 'cart.php?redir' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3152
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1. • https://www.exploit-db.com/exploits/26304 https://www.exploit-db.com/exploits/26303 http://bugs.cubecart.com/?do=details&id=363 http://bugs.cubecart.com/?do=details&id=459 http://lostmon.blogspot.com/2005/09/cubecart-303-multiple-variable-cross.html http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html http://securityreason.com/securityalert/35 http://securitytracker.com/id?1014984 http://www.securityfocus.com/bid/14962 https://exchange.xforce.ibmcloud. •