Unrated severityNVD Advisory· Published May 30, 2006· Updated Apr 16, 2026

CVE-2006-2649

Description

Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, (b) search_cat.php, (c) search_price.php, and (d) product_details.php in the cosmicshop directory for CosmicShoppingCart allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, as demonstrated by the (1) query parameter in search.php and the (2) data parameter in search_cat.php.

Affected products

Cosmicphp/Cosmicshoppingcart
cpe:2.3:a:cosmicphp:cosmicshoppingcart:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/20272nvdExploitVendor Advisory
www.zone-h.org/advisories/read/id=9058nvdExploitVendor Advisory
www.vupen.com/english/advisories/2006/1984nvdVendor Advisory
archives.neohapsis.com/archives/fulldisclosure/2006-05/0683.htmlnvd
securitytracker.com/idnvd
www.osvdb.org/26090nvd
www.osvdb.org/26091nvd
www.osvdb.org/26092nvd
www.osvdb.org/26093nvd
www.securityfocus.com/bid/18709nvd
exchange.xforce.ibmcloud.com/vulnerabilities/26681nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000