Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow remote attackers to inject arbitrary web script or HTML via easycart.php, possibly related to the (1) des and (2) qty parameters in an add action, and via other unspecified vectors. NOTE: some details are obtained from third party information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eazy Cart | Eazy Cart | All versions |
References
- http://secunia.com/advisories/22286 (Exploit, Vendor Advisory)
- http://securityreason.com/securityalert/1717
- http://securitytracker.com/id?1017041
- http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt (Vendor Advisory)
- http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001 (Vendor Advisory)
- http://www.securityfocus.com/archive/1/448094/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29421
FAQ
What is CVE-2006-5247?
CVE-2006-5247 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow remote attackers to inject arbitrary web script or HTML via easycart.php, possibly related to the (1) des and (2) qty parameters ...
How severe is CVE-2006-5247?
CVE-2006-5247 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5247?
Check the references section above for vendor advisories and patch information. Affected products include: Eazy Cart Eazy Cart.