CVE-2006-2669

Preprojects.com Pre Shopping Mall - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping Mall 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter in search.php (the "search box"), (2) the prodid parameter in detail.php, and the (3) cid parameter in products.php.

References (9)

[Patch, Vendor Advisory] http://secunia.com/advisories/20295

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/1991

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26690

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/435018/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/18706

[Third Party Advisory, VDB Entry] http://www.osvdb.org/26080

[Third Party Advisory, VDB Entry] http://www.osvdb.org/26081

[Third Party Advisory, VDB Entry] http://www.osvdb.org/26082

[Third Party Advisory] http://securityreason.com/securityalert/990

Scores

EPSS 0.0087

EPSS Percentile 75.0%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

preprojects.com/pre_shopping_mall

Timeline

Published May 30, 2006

Tracked Since Feb 18, 2026