Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2006-5190

Disclosure Date: October 10, 2006
CVE-2006-5190
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, © countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in ® admin/geo_zones.php.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2006-5190 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5190)
BID-20343 (http://www.securityfocus.com/bid/20343)
Advisory
EXPLOIT-DB-28750 (https://www.exploit-db.com/exploits/28750)
OSVDB-29801 (http://www.osvdb.org/29801)
EXPLOIT-DB-28746 (https://www.exploit-db.com/exploits/28746)
OSVDB-29803 (http://www.osvdb.org/29803)
ADV-2006-3917 (http://www.vupen.com/english/advisories/2006/3917)
OSVDB-29798 (http://www.osvdb.org/29798)
OSVDB-29808 (http://www.osvdb.org/29808)
OSVDB-29807 (http://www.osvdb.org/29807)
SECUNIA-22275 (http://secunia.com/advisories/22275)
OSVDB-29802 (http://www.osvdb.org/29802)
OSVDB-29795 (http://www.osvdb.org/29795)
EXPLOIT-DB-28759 (https://www.exploit-db.com/exploits/28759)
EXPLOIT-DB-28755 (https://www.exploit-db.com/exploits/28755)
EXPLOIT-DB-28747 (https://www.exploit-db.com/exploits/28747)
EXPLOIT-DB-28744 (https://www.exploit-db.com/exploits/28744)
SECTRACK-1016979 (http://securitytracker.com/id?1016979)
OSVDB-29809 (http://www.osvdb.org/29809)
OSVDB-29799 (http://www.osvdb.org/29799)
EXPLOIT-DB-28757 (https://www.exploit-db.com/exploits/28757)
EXPLOIT-DB-28748 (https://www.exploit-db.com/exploits/28748)
OSVDB-29810 (http://www.osvdb.org/29810)
OSVDB-29811 (http://www.osvdb.org/29811)
EXPLOIT-DB-28758 (https://www.exploit-db.com/exploits/28758)
EXPLOIT-DB-28753 (https://www.exploit-db.com/exploits/28753)
OSVDB-29797 (http://www.osvdb.org/29797)
OSVDB-29806 (http://www.osvdb.org/29806)
EXPLOIT-DB-28749 (https://www.exploit-db.com/exploits/28749)
OSVDB-29800 (http://www.osvdb.org/29800)
XF-oscommerce-page-xss(29355) (https://exchange.xforce.ibmcloud.com/vulnerabilities/29355)
OSVDB-29796 (http://www.osvdb.org/29796)
EXPLOIT-DB-28743 (https://www.exploit-db.com/exploits/28743)
EXPLOIT-DB-28754 (https://www.exploit-db.com/exploits/28754)
EXPLOIT-DB-28745 (https://www.exploit-db.com/exploits/28745)
OSVDB-29804 (http://www.osvdb.org/29804)
EXPLOIT-DB-28756 (https://www.exploit-db.com/exploits/28756)
OSVDB-29805 (http://www.osvdb.org/29805)
EXPLOIT-DB-28752 (https://www.exploit-db.com/exploits/28752)
Miscellaneous
http://lostmon.blogspot.com/2006/10/oscommerce-multiple-scripts-page-param.html

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis