### [CVE-2006-4967](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4967) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart allow remote attackers to inject arbitrary web script or HTML via (1) the CatId parameter in a product category action in index.php or (2) the SearchWd parameter in an index search action in index.php. ### POC #### Reference - http://securityreason.com/securityalert/1625 #### Github No PoCs found on GitHub currently.