It has been reported that osCommerce does not sufficiently filter URI parameters supplied to multiple osCommerce scripts. As a result of this deficiency, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user. All code will be executed within the context of the website running osCommerce. This may allow for theft of cookie-based authentication credentials and other attacks. This vulnerability was reported to affect osCommerce version 2.2ms1; prior versions are reportedly affected.