CVE-2006-6485

Name of the Vulnerable Software and Affected Versions ShopSite versions 8.1 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to security breaches. This is achieved via the prevlocation parameter in "shopper/sc/registration.cgi" and other unspecified vectors.

Recommendations For ShopSite versions 8.1 and earlier, update to a version later than 8.1 to resolve the issue. As a temporary workaround, consider restricting access to the "shopper/sc/registration.cgi" endpoint and avoid using the prevlocation parameter until a patch is available.