CVE-2006-3030

Name of the Vulnerable Software and Affected Versions DwZone Shopping Cart versions 1.1.9 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the ToCategory and FromCategory parameters to the "ProductDetailsForm.asp" endpoint, or the UserName and Password parameters to the "LogIn/VerifyUserLog.asp" endpoint.

Recommendations For DwZone Shopping Cart versions 1.1.9 and earlier, update to a version later than 1.1.9 to resolve the issue. As a temporary workaround, consider restricting access to the "ProductDetailsForm.asp" and "LogIn/VerifyUserLog.asp" endpoints until a patch is available. Avoid using the ToCategory and FromCategory parameters in the "ProductDetailsForm.asp" endpoint, and the UserName and Password parameters in the "LogIn/VerifyUserLog.asp" endpoint, until the issue is resolved.