CVE-2006-5847
MEDIUMfreewebshop < 2.2.2 - Cross-Site Scripting via cat Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-5847. PoCs published by laurent gaffie.
AI-analyzed exploit summary The provided text describes a vulnerability in FreeWebShop 2.2 and prior versions, specifically mentioning XSS and local file inclusion issues. It includes a sample URL demonstrating the XSS vulnerability but lacks executable exploit code.
Description
Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
Exploits (1)
The provided text describes a vulnerability in FreeWebShop 2.2 and prior versions, specifically mentioning XSS and local file inclusion issues. It includes a sample URL demonstrating the XSS vulnerability but lacks executable exploit code.
References (8)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N