CVE-2006-4525

Devellion Cubecart < 3.0.12 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array.

Exploits (1)

exploitdb WRITEUP

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/43840

View Code ZIP pw:eip

References (5)

Core 5

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21659

Various Sources x_refsource_confirm

http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/19782

Various Sources x_refsource_confirm

http://cubecart.com/site/forums/index.php?showtopic=21540

Various Sources x_refsource_misc

http://www.gulftech.org/?node=research&article_id=00111-08282006&

Scores

EPSS 0.0340

EPSS Percentile 87.5%

Details

Status published

Products (1)

devellion/cubecart < 3.0.12

Published Sep 01, 2006

Tracked Since Feb 18, 2026