CVE-2006-6734

Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to inject arbitrary web script or HTML via the catname parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Linux_Drox · textwebappsphp

https://www.exploit-db.com/exploits/29299

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://secunia.com/advisories/23449

[Third Party Advisory] http://www.attrition.org/pipermail/vim/2006-December/001197.html

[Exploit] http://www.securityfocus.com/bid/21677

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/454864/100/0/threaded

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/5096

[Third Party Advisory] http://securityreason.com/securityalert/2072

Scores

EPSS 0.0053

EPSS Percentile 66.8%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

obie_website/mini_web_shop

Timeline

Published Dec 26, 2006

Tracked Since Feb 18, 2026