CVE-2006-5108
published 2006-10-03CVE-2006-5108: Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id…
PriorityP427medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
5.72%
92.1th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| devellion | cubecart | — | — |
| devellion | cubecart | — | — |
| devellion | cubecart | — | — |
| devellion | cubecart | — | — |
| devellion | cubecart | — | — |
| devellion | cubecart | — | — |
| devellion | cubecart | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
CubeCart 3.0.x - '/admin/header.inc.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2006-09-26
CVE-2006-5108 CubeCart 3.0.x - '/admin/header.inc.php' Multiple Cross-Site Scripting Vulnerabilities
CubeCart 3.0.x - '/admin/header.inc.php' Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/20215/info
CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
http://www.example.com/admin/header.inc.php?site_name=alert(document.cookie);
http://www.example.com/admin/header.inc.php?la_adm_header=alert(document.coo
Exploit-DB
CubeCart 3.0.x - 'footer.inc.php?la_pow_by' Cross-Site Scripting
exploitdb·2006-09-26
CVE-2006-5108 CubeCart 3.0.x - 'footer.inc.php?la_pow_by' Cross-Site Scripting
CubeCart 3.0.x - 'footer.inc.php?la_pow_by' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/20215/info
CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
http://www.example.com/footer.inc.php?la_pow_by=alert(document.cookie);
Exploit-DB
CubeCart 3.0.x - '/admin/nav.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2006-09-26
CVE-2006-5108 CubeCart 3.0.x - '/admin/nav.php' Multiple Cross-Site Scripting Vulnerabilities
CubeCart 3.0.x - '/admin/nav.php' Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/20215/info
CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
http://www.example.com/admin/nav.php?site_url=">alert(document.cookie);
http://www.example.com/admin/nav.php?la_search_home=alert(document.cookie);
Exploit-DB
CubeCart 3.0.x - '/admin/print_order.php?order_id' Cross-Site Scripting
exploitdb·2006-09-26
CVE-2006-5108 CubeCart 3.0.x - '/admin/print_order.php?order_id' Cross-Site Scripting
CubeCart 3.0.x - '/admin/print_order.php?order_id' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/20215/info
CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
http://www.example.com/admin/print_order.php?order_id=alert(document.cookie);
Exploit-DB
CubeCart 3.0.x - '/admin/image.php?image' Cross-Site Scripting
exploitdb·2006-09-26
CVE-2006-5108 CubeCart 3.0.x - '/admin/image.php?image' Cross-Site Scripting
CubeCart 3.0.x - '/admin/image.php?image' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/20215/info
CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
http://www.example.com/admin/image.php?image=alert(document.cookie);
Exploit-DB
CubeCart 3.0.x - 'view_order.php?order_id' Cross-Site Scripting
exploitdb·2006-09-26
CVE-2006-5108 CubeCart 3.0.x - 'view_order.php?order_id' Cross-Site Scripting
CubeCart 3.0.x - 'view_order.php?order_id' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/20215/info
CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
http://www.example.com/view_order.php?order_id=alert(document.cookie);
No writeups or analysis indexed.
http://secunia.com/advisories/22175http://securityreason.com/securityalert/1662http://www.osvdb.org/29246http://www.osvdb.org/29247http://www.osvdb.org/29248http://www.osvdb.org/29249http://www.osvdb.org/29250http://www.osvdb.org/29251http://www.osvdb.org/29252http://www.securityfocus.com/archive/1/447009/100/0/threadedhttp://www.securityfocus.com/bid/20215http://www.vupen.com/english/advisories/2006/3818https://exchange.xforce.ibmcloud.com/vulnerabilities/29177http://secunia.com/advisories/22175http://securityreason.com/securityalert/1662http://www.osvdb.org/29246http://www.osvdb.org/29247http://www.osvdb.org/29248http://www.osvdb.org/29249http://www.osvdb.org/29250http://www.osvdb.org/29251http://www.osvdb.org/29252http://www.securityfocus.com/archive/1/447009/100/0/threadedhttp://www.securityfocus.com/bid/20215http://www.vupen.com/english/advisories/2006/3818https://exchange.xforce.ibmcloud.com/vulnerabilities/29177
2006-10-03
Published