CVE-2006-5247 - Twilight Ending

Description

Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow remote attackers to inject arbitrary web script or HTML via easycart.php possibly related to the (1) des and (2) qty parameters in an add action and via other unspecified vectors. NOTE: some details are obtained from third party information.

Reference

http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001 http://secunia.com/advisories/22286 http://securitytracker.com/id?1017041 http://securityreason.com/securityalert/1717 https://exchange.xforce.ibmcloud.com/vulnerabilities/29421 http://www.securityfocus.com/archive/1/448094/100/0/threaded