Exploit Database - Logo

osCommerce 2.2 - admin/tax_classes.php page Parameter Cross-Site Scripting

EDB-ID: 28757 Author: Lostmon Published: 2006-10-04
CVE: CVE-2006-5190 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/20343/info
             
osCommerce is prone to multiple cross-site scripting vulnerabilities.
             
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
        
http://www.example.com/catalog/admin/tax_classes.php?page=1[XSS-code]

Related Exploits

Trying to match CVEs (1): CVE-2006-5190
Trying to match OSVDBs (1): 29809
Other Possible E-DB Search Terms: osCommerce 2.2,  osCommerce
Date D V Title Author
2011-10-20Download Exploit Code Verified osCommerce - Arbitrary File Upload / File Disclosureindoushka
2011-02-04Download Exploit Code Waiting verification osCommerce - Authentication BypassNicolas Kra...
2013-02-12Download Exploit Code Verified osCommerce - Cross-Site Request ForgeryJakub Galczyk
2003-03-20Download Exploit Code Verified osCommerce 2.1/2.2 - Info_Message Cross-Site ScriptingiProyectos ...
2008-05-05Download Exploit Code Verified osCommerce 2.1/2.2 - Multiple Cross-Site Scripting VulnerabilitiesDavid Sopas...
2006-08-30Download Exploit Code Verified osCommerce 2.1/2.2 - product_info.php SQL InjectionJames Bercegay
2006-04-14Download Exploit Code Verified osCommerce 2.2 - (extras) Source Code Disclosurergod
2005-02-15Download Exploit Code Verified osCommerce 2.2 - Contact_us.php Cross-Site ScriptingJohn Cobb
2010-11-09Download Exploit Code Verified osCommerce 2.2 - Cross-Site Request Forgerydaandevelop...
2009-12-26Download Exploit Code Verified osCommerce 2.2rc2a - Bypass/Create and Download Backupindoushka
2011-05-14Download Exploit Code Waiting verification osCommerce 2.3.1 - 'banner_manager.php' Arbitrary File UploadNumber 7
2010-04-30Download Exploit Code Verified osCommerce 3.0a5 - Local File Inclusion / HTML InjectionJordi Chancel
2010-08-26Download Exploit Code Waiting verification osCommerce Online Merchant - Remote File InclusionLoSt.HaCkEr
2010-05-30Download Exploit Code Waiting verification osCommerce Online Merchant 2.2 - Arbitrary File UploadMasterGipy
2010-05-30Download Exploit Code Verified osCommerce Online Merchant 2.2 - File Disclosure / Authentication BypassFlyff666
2010-05-28Download Exploit Code Verified osCommerce Visitor Web Stats AddOn - 'Accept-Language' Header SQL InjectionChristopher...
2010-09-27Download Exploit Code Waiting verification Allpc 2.5 osCommerce - SQL Injection / Cross-Site Scripting**RoAd_KiLl...
2002-06-16Download Exploit Code Verified osCommerce 2.1 - Remote File InclusionTim Vanderm...
2005-06-17Download Exploit Code Verified osCommerce 2.1/2.2 - Multiple HTTP Response Splitting VulnerabilitiesJames Bercegay
2006-10-04Download Exploit Code Verified osCommerce 2.2 - 'admin/newsletters.php' page Parameter Cross-Site ScriptingLostmon
2006-10-04Download Exploit Code Verified osCommerce 2.2 - admin/banner_manager.php page Parameter Cross-Site ScriptingLostmon
2006-10-04Download Exploit Code Verified osCommerce 2.2 - admin/banner_statistics.php page Parameter Cross-Site ScriptingLostmon
2006-10-04Download Exploit Code Verified osCommerce 2.2 - admin/countries.php page Parameter Cross-Site ScriptingLostmon
2006-10-04Download Exploit Code Verified osCommerce 2.2 - admin/currencies.php page Parameter Cross-Site ScriptingLostmon
2006-10-04Download Exploit Code Verified osCommerce 2.2 - admin/languages.php page Parameter Cross-Site ScriptingLostmon
Menu