Unknown · E-Commerce · CVE-2006-4360
**Name of the Vulnerable Software and Affected Versions**
E-commerce versions prior to 4.7 with file.module version 1.37.2.4 (20060812)
**Description**
The issue allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors, which can lead to cross-site scripting (XSS).
**Recommendations**
For versions prior to 4.7 with file.module version 1.37.2.4 (20060812), update the file.module to version 1.37.2.4 (20060812) or later to resolve the issue.