{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2006-5190", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "28743", "refsource" : "EXPLOIT-DB", "url" : "https://www.exploit-db.com/exploits/28743/" }, { "name" : "28744", "refsource" : "EXPLOIT-DB", "url" : "https://www.exploit-db.com/exploits/28744/" }, { "name" : "28745", "refsource" : "EXPLOIT-DB", "url" : "https://www.exploit-db.com/exploits/28745/" }, { "name" : "28746", "refsource" : "EXPLOIT-DB", "url" : "https://www.exploit-db.com/exploits/28746/" }, { "name" : "28747", "refsource" : "EXPLOIT-DB", "url" : "https://www.exploit-db.com/exploits/28747/" }, { "name" : "28748", "refsource" : "EXPLOIT-DB", "url" : "https://www.exploit-db.com/exploits/28748/" }, { "name" : "28749", "refsource" : "EXPLOIT-DB", "url" : "https://www.exploit-db.com/exploits/28749/" }, { "name" : "28750", "refsource" : "EXPLOIT-DB", "url" : "https://www.exploit-db.com/exploits/28750/" }, { "name" : "28752", "refsource" : "EXPLOIT-DB", "url" : "https://www.exploit-db.com/exploits/28752/" }, { "name" : "28753", "refsource" : "EXPLOIT-DB", "url" : "https://www.exploit-db.com/exploits/28753/" }, { "name" : "28754", "refsource" : "EXPLOIT-DB", "url" : "https://www.exploit-db.com/exploits/28754/" }, { "name" : "28755", "refsource" : "EXPLOIT-DB", "url" : "https://www.exploit-db.com/exploits/28755/" }, { "name" : "28756", "refsource" : "EXPLOIT-DB", "url" : "https://www.exploit-db.com/exploits/28756/" }, { "name" : "28757", "refsource" : "EXPLOIT-DB", "url" : "https://www.exploit-db.com/exploits/28757/" }, { "name" : "28758", "refsource" : "EXPLOIT-DB", "url" : "https://www.exploit-db.com/exploits/28758/" }, { "name" : "28759", "refsource" : "EXPLOIT-DB", "url" : "https://www.exploit-db.com/exploits/28759/" }, { "name" : "http://lostmon.blogspot.com/2006/10/oscommerce-multiple-scripts-page-param.html", "refsource" : "MISC", "url" : "http://lostmon.blogspot.com/2006/10/oscommerce-multiple-scripts-page-param.html" }, { "name" : "20343", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/20343" }, { "name" : "ADV-2006-3917", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2006/3917" }, { "name" : "29795", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/29795" }, { "name" : "29796", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/29796" }, { "name" : "29797", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/29797" }, { "name" : "29798", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/29798" }, { "name" : "29799", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/29799" }, { "name" : "29800", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/29800" }, { "name" : "29801", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/29801" }, { "name" : "29802", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/29802" }, { "name" : "29805", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/29805" }, { "name" : "29806", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/29806" }, { "name" : "29807", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/29807" }, { "name" : "29808", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/29808" }, { "name" : "29809", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/29809" }, { "name" : "29810", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/29810" }, { "name" : "29811", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/29811" }, { "name" : "29803", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/29803" }, { "name" : "29804", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/29804" }, { "name" : "1016979", "refsource" : "SECTRACK", "url" : "http://securitytracker.com/id?1016979" }, { "name" : "22275", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/22275" }, { "name" : "oscommerce-page-xss(29355)", "refsource" : "XF", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29355" } ] } }