Unrated severityNVD Advisory· Published Jun 12, 2006· Updated Apr 16, 2026

CVE-2006-2979

Description

Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter in forum.php, which is not properly handled in block_forum_topics.php, and (2) item_id parameter in reviews.php, which is not properly handled in block_reviews.php.

Affected products

Viart/Shop
cpe:2.3:a:viart:shop:2.5.5_free:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.codetosell.com/downloads/xss_fix.zipnvdPatchURL Repurposed
secunia.com/advisories/20538nvdVendor Advisory
securityreason.com/securityalert/1087nvd
www.attrition.org/pipermail/vim/2006-June/000846.htmlnvd
www.securityfocus.com/archive/1/436415/100/0/threadednvd
www.securityfocus.com/bid/18369nvd
www.vupen.com/english/advisories/2006/2253nvd
exchange.xforce.ibmcloud.com/vulnerabilities/27112nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000