CVE-2006-2649

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, (b) search_cat.php, (c) search_price.php, and (d) product_details.php in the cosmicshop directory for CosmicShoppingCart allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, as demonstrated by the (1) query parameter in search.php and the (2) data parameter in search_cat.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26681

http://www.vupen.com/english/advisories/2006/1984

http://www.securityfocus.com/bid/18709

http://www.osvdb.org/26093

http://www.osvdb.org/26092

http://www.osvdb.org/26091

http://www.osvdb.org/26090

http://securitytracker.com/id?1016164

http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0683.html

Details

Source: Mitre, NVD

Published: 2006-05-30

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.04063