Unrated severityNVD Advisory· Published Jul 18, 2006· Updated Apr 16, 2026

CVE-2006-3613

Description

Multiple cross-site scripting (XSS) vulnerabilities in Chamberland Technology ezWaiter 3.0 Online and possibly Enterprise Software (aka enterprise edition) allow remote attackers to inject arbitrary web script or HTML via the (1) itemfor (aka "Who is this item for?") and (2) special (aka "Special Instructions") parameters to item.php, which is accessed from showorder.php, or (3) unspecified parameters to the login form at login.php.

Affected products

Chamberland Technology/Ezwaiter Online
cpe:2.3:a:chamberland_technology:ezwaiter_online:3.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/archive/1/438792/100/0/threadednvd
www.securityfocus.com/bid/18746nvd
exchange.xforce.ibmcloud.com/vulnerabilities/27587nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000