Unrated severityNVD Advisory· Published Oct 31, 2006· Updated Apr 23, 2026

CVE-2006-5631

Description

Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings when the action parameter is not "1", as demonstrated using script in the action parameter, a different vulnerability than CVE-2006-5632.

Affected products

Ig Shop/Ig Shop
cpe:2.3:a:ig_shop:ig_shop:1.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securitytracker.com/idnvdExploit
www.attrition.org/pipermail/vim/2006-October/001099.htmlnvdExploit
secunia.com/advisories/22701nvd
exchange.xforce.ibmcloud.com/vulnerabilities/29890nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000