CVE-2006-4525 | Vulnerability Database | Aqua Security

Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array.

Affected Software

Name	Vendor	Start Version	End Version
Cubecart	Devellion	*	3.0.12 (including)

References

http://cubecart.com/site/forums/index.php?showtopic=21540
http://secunia.com/advisories/21659
http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90\u0026act=Attach\u0026type=post\u0026id=697
http://www.gulftech.org/?node=research\u0026article_id=00111-08282006\u0026
http://www.securityfocus.com/bid/19782
http://cubecart.com/site/forums/index.php?showtopic=21540
http://secunia.com/advisories/21659
http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90\u0026act=Attach\u0026type=post\u0026id=697
http://www.gulftech.org/?node=research\u0026article_id=00111-08282006\u0026
http://www.securityfocus.com/bid/19782

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-4525
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html