Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum Effect Software digiSHOP 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sortBy or (2) search parameters.
CVSS Score
6.8
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sum Effect Software | Digishop | 4.0 |
References
- http://secunia.com/advisories/22086Vendor Advisory
- http://securityreason.com/securityalert/1687
- http://www.securityfocus.com/archive/1/447506/100/0/threaded
- http://www.securityfocus.com/bid/20297Exploit
- http://www.vupen.com/english/advisories/2006/3889
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29309
- http://secunia.com/advisories/22086Vendor Advisory
- http://securityreason.com/securityalert/1687
- http://www.securityfocus.com/archive/1/447506/100/0/threaded
- http://www.securityfocus.com/bid/20297Exploit
- http://www.vupen.com/english/advisories/2006/3889
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29309
FAQ
What is CVE-2006-5164?
CVE-2006-5164 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum Effect Software digiSHOP 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sortBy or (2) search param...
How severe is CVE-2006-5164?
CVE-2006-5164 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5164?
Check the references section above for vendor advisories and patch information. Affected products include: Sum Effect Software Digishop.