CVE-2006-3542

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown Shopping Cart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) shop name field in (a) editshop.php, (b) edititem.php, and (c) index.php; and via the (2) item field in editshop.php and edititem.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27539

http://www.vupen.com/english/advisories/2006/2693

http://www.securityfocus.com/bid/18841

http://www.securityfocus.com/archive/1/439150/100/0/threaded

http://www.osvdb.org/27025

http://www.osvdb.org/27024

http://securityreason.com/securityalert/1223

http://secunia.com/advisories/20957

Details

Source: Mitre, NVD

Published: 2006-07-13

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00537