Description
Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid parameter.
Exploits (1)
References (4)
Core 4
Core References
Various Sources mailing-list
x_refsource_mlist
http://osdir.com/ml/web.oscommerce.cvs/2003-12/msg00024.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9238
Various Sources x_refsource_confirm
http://www.oscommerce.com/community/bugs%2C1546
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/347831
Scores
EPSS
0.0075
EPSS Percentile
73.3%
Details
Status
published
Products (1)
oscommerce/oscommerce
< 2.2_ms2
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026