PT-2006-6340 · Ig · Ig Shop
Steven M. Christey
·
Published
2006-10-31
·
Updated
2025-04-03
·
CVE-2006-5632
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
iG Shop version 1.4
Description:
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the
id parameter in the change pass.php file.Recommendations:
For iG Shop version 1.4, avoid using the
id parameter in the change pass.php file until the issue is resolved. As a temporary workaround, consider restricting access to the change pass.php file to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ig Shop