CVE-2006-3542

Name of the Vulnerable Software and Affected Versions Garry Glendown Shopping Cart version 0.9

Description The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This is possible via the shop name field in editshop.php, edititem.php, and index.php, and via the item field in editshop.php and edititem.php. API Endpoints:

Recommendations For Garry Glendown Shopping Cart version 0.9, consider validating and sanitizing user input for the shop name and item fields in the affected API endpoints to prevent XSS attacks. As a temporary workaround, restrict access to editshop.php, edititem.php, and index.php to minimize the risk of exploitation.