CVE-2006-3156

Name of the Vulnerable Software and Affected Versions Ultimate eShop versions 1.0 and earlier

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the subid parameter in the "index.cgi" file.

Recommendations For Ultimate eShop versions 1.0 and earlier, avoid using the subid parameter in the index.cgi file until a fix is available. As a temporary workaround, consider restricting access to the index.cgi file to minimize the risk of exploitation.