CVE-2012-1059
Published 2012-02-14
Priority P421 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS 3.53% · 87.8th percentile
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, as demonstrated using the "Front" field in the shirt module.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oscommerce | online_merchant | <= 3.0.2 | — |
| oscommerce | online_merchant | — | — |
| oscommerce | online_merchant | — | — |
| oscommerce | online_merchant | — | — |
| oscommerce | online_merchant | — | — |
GHSA
GHSA-r4v4-hvh4-c2h8: Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main
ghsa_unreviewed·2022-05-17
CVE-2012-1059 [MEDIUM] CWE-79 GHSA-r4v4-hvh4-c2h8: Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main
GHSA
GHSA-rx6w-7424-25q4: Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2012-2935 [MEDIUM] CWE-79 GHSA-rx6w-7424-25q4: Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-2012-1059.
References
http://packetstormsecurity.org/files/109389/VL-407.txt
http://www.exploit-db.com/exploits/18455
http://www.securityfocus.com/bid/51831
http://www.vulnerability-lab.com/get_content.php?id=407
https://exchange.xforce.ibmcloud.com/vulnerabilities/72916
https://github.com/osCommerce/oscommerce/commit/a5aeb0448cc333cc4b801c0e01981b218fd9c7df