CVE-2006-5108

Name of the Vulnerable Software and Affected Versions Devellion CubeCart versions 2.0.x

Description The issue allows remote attackers to inject arbitrary web script or HTML via various parameters in different files, including order id in "admin/print order.php" and "view order.php", site url and la search home in "admin/nav.php", image in "admin/image.php", site name, la adm header, charset in "admin/header.inc.php", la pow by in "footer.inc.php", and site name in "header.inc.php".

Recommendations For Devellion CubeCart versions 2.0.x, consider disabling the affected parameters, such as order id, site url, la search home, image, site name, la adm header, charset, and la pow by, until a patch is available. Restrict access to the vulnerable files, including "admin/print order.php", "view order.php", "admin/nav.php", "admin/image.php", "admin/header.inc.php", "footer.inc.php", and "header.inc.php", to minimize the risk of exploitation. Avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved.