CVE-2006-6534
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3) lID parameter to admin/languages_definitions.php, or the (4) pID parameter to admin/products.php.
Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en osCommerce 3.0a3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el (1) parámetro set a admin/modules.php, el (2) parámetro selected_box a definitiva/admin/customers.php, el (3) parámetro lID a admin/languages_definitions.php, o el (4) parámetro pID a admin/products.php.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-12-13 CVE Reserved
- 2006-12-14 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/21477 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://lostmon.blogspot.com/2006/12/oscommerce-traversal-arbitrary-file.html | 2024-09-17 | |
| http://securitytracker.com/id?1017353 | 2024-09-17 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oscommerce Search vendor "Oscommerce" | Oscommerce Search vendor "Oscommerce" for product "Oscommerce" | 3.0a3 Search vendor "Oscommerce" for product "Oscommerce" and version "3.0a3" | - |
Affected
| ||||||