CVE-2005-0606

Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters.

Published: May 2, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-0606
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
devellion / cubecart	2.0.3	2.0.3.x
devellion / cubecart	2.0.1	2.0.1.x
devellion / cubecart	2.0.2	2.0.2.x
devellion / cubecart	2.0.5	2.0.5.x
devellion / cubecart	2.0.0	2.0.0.x

http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html
http://secunia.com/advisories/14416
http://securitytracker.com/id?1013304
http://www.cubecart.com/site/forums/index.php?showtopic=6032
http://www.securityfocus.com/bid/12658
https://exchange.xforce.ibmcloud.com/vulnerabilities/20637

Vulnerability Database

290,206

CVE-2005-0606