Strix
26.1K

CVE-2006-5190

UnknownEPSS 6.49%

Last modified

CVE-2006-5190 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php.. EPSS estimates a 6.49% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php.

Metrics

EPSS Probability
6.49%

92.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
OscommerceOscommerce<= 2.2_ms2_2006-08-17
OscommerceOscommerce1.1
OscommerceOscommerce1.5.1
OscommerceOscommerce1.11
OscommerceOscommerce1.12
OscommerceOscommerce1.13
OscommerceOscommerce2.1
OscommerceOscommerce2.2_cvs
OscommerceOscommerce2.2_ms1
OscommerceOscommerce2.2_ms2
OscommerceOscommerce2.2_ms3

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2006-5190?
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php.
How severe is CVE-2006-5190?
Severity scoring for CVE-2006-5190 is pending analysis. The EPSS model estimates a 6.49% probability of exploitation in the next 30 days.
How do I fix CVE-2006-5190?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-5190?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST