CVE-2006-3187

Name: CVE-2006-3187
Creator: NVD / NIST
Published: 2006-06-23T00:02:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.05%

Last modified Jun 16, 2026

CVE-2006-3187 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) maingroup and (2) secondgroup parameters to (a) search_prod_list.asp, and the (3) maingroup parameter to (b) meny2.asp. NOTE: it is possible that this is resultant from SQL injection or a forced SQL error.. EPSS estimates a 1.05% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) maingroup and (2) secondgroup parameters to (a) search_prod_list.asp, and the (3) maingroup parameter to (b) meny2.asp. NOTE: it is possible that this is resultant from SQL injection or a forced SQL error.

Metrics

EPSS Probability

1.05%

59.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Sharky E-Shop	Sharky E-Shop	<= 3.05

References

Timeline

Published: Jun 23, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-3187?

How severe is CVE-2006-3187?

Severity scoring for CVE-2006-3187 is pending analysis. The EPSS model estimates a 1.05% probability of exploitation in the next 30 days.

How do I fix CVE-2006-3187?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-3187?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST