CVE-2006-5096

Name of the Vulnerable Software and Affected Versions VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS version 1.0.11 and possibly earlier

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the Itemid parameter in specific actions, including (1) com contact or (2) subscribe action.

Recommendations For VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS version 1.0.11 and possibly earlier, consider restricting access to the Itemid parameter in the affected actions until a patch is available. As a temporary workaround, avoid using the Itemid parameter in the com contact and subscribe actions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.