PT-2006-6339 · Ig · Ig Shop

Steven M. Christey · Published 2006-10-31 · Updated 2025-04-03 · CVE-2006-5631

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: iG Shop version 1.4
Description: The issue is a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings in the change_pass.php file when the action parameter is not set to "1". This can be exploited by injecting script in the action parameter.
Recommendations: For iG Shop version 1.4, consider restricting access to the change_pass.php file until a fix is available, and ensure that the action parameter is properly validated to prevent arbitrary input. As a temporary workaround, consider disabling the execution of scripts in query strings for the change_pass.php file.

Related Identifiers: CVE-2006-5631

Affected Products: Ig Shop