Exploit Database - Logo

osCommerce 2.2 - '/admin/tax_classes.php?page' Cross-Site Scripting

EDB-ID: 28757 Author: Lostmon Published: 2006-10-04
CVE: CVE-2006-5190 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/20343/info
             
osCommerce is prone to multiple cross-site scripting vulnerabilities.
             
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
        
http://www.example.com/catalog/admin/tax_classes.php?page=1[XSS-code]
« Previous Exploit Next Exploit »

Related Exploits

Trying to match CVEs (1): CVE-2006-5190
Trying to match OSVDBs (1): 29809
Other Possible E-DB Search Terms: osCommerce 2.2,  osCommerce
Date D V Title Author
2011-10-20 Verified osCommerce - Arbitrary File Upload / File Disclosureindoushka
2011-02-04 Waiting verification osCommerce - Authentication BypassNicolas Kra...
2013-02-12 Verified osCommerce - Cross-Site Request ForgeryJakub Galczyk
2006-08-30 Verified osCommerce 2.1/2.2 - 'product_info.php' SQL InjectionGulfTech Se...
2003-03-20 Verified osCommerce 2.1/2.2 - Info_Message Cross-Site ScriptingiProyectos ...
2008-05-05 Verified osCommerce 2.1/2.2 - Multiple Cross-Site Scripting VulnerabilitiesDavid Sopas...
2005-02-15 Verified osCommerce 2.2 - 'Contact_us.php' Cross-Site ScriptingJohn Cobb
2006-04-14 Verified osCommerce 2.2 - 'extras' Source Code Disclosurergod
2010-11-09 Verified osCommerce 2.2 - Cross-Site Request Forgerydaandevelop...
2009-12-26 Verified osCommerce 2.2rc2a - Bypass/Create and Download Backupindoushka
2011-05-14 Waiting verification osCommerce 2.3.1 - 'banner_manager.php' Arbitrary File UploadNumber 7
2017-11-11 Waiting verification osCommerce 2.3.4.1 - Arbitrary File UploadSimon Scannell
2018-03-30 Verified osCommerce 2.3.4.1 - Remote Code ExecutionSimon Scannell
2010-04-30 Verified osCommerce 3.0a5 - Local File Inclusion / HTML InjectionJordi Chancel
2003-12-22 Waiting verification osCommerce < 2.2-MS2 - Multiple VulnerabilitiesGulfTech Se...
2010-08-26 Waiting verification osCommerce Online Merchant - Remote File InclusionLoSt.HaCkEr
2010-05-30 Waiting verification osCommerce Online Merchant 2.2 - Arbitrary File UploadMasterGipy
2010-05-30 Verified osCommerce Online Merchant 2.2 - File Disclosure / Authentication BypassFlyff666
2010-05-28 Verified osCommerce Visitor Web Stats AddOn - 'Accept-Language' Header SQL InjectionChristopher...
2010-09-27 Waiting verification Allpc 2.5 osCommerce - SQL Injection / Cross-Site Scripting**RoAd_KiLl...
2002-06-16 Verified osCommerce 2.1 - Remote File InclusionTim Vanderm...
2005-06-17 Verified osCommerce 2.1/2.2 - Multiple HTTP Response Splitting VulnerabilitiesGulfTech Se...
2006-10-04 Verified osCommerce 2.2 - '/admin/banner_manager.php?page' Cross-Site ScriptingLostmon
2006-10-04 Verified osCommerce 2.2 - '/admin/banner_statistics.php?page' Cross-Site ScriptingLostmon
2006-10-04 Verified osCommerce 2.2 - '/admin/countries.php?page' Cross-Site ScriptingLostmon
Menu