CVE-2012-0312

osCommerce <R9-2.3.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (3)

[Third Party Advisory] http://jvn.jp/en/jp/JVN64386898/index.html

[Third Party Advisory] http://jvndb.jvn.jp/jvndb/JVNDB-2012-000005

[Various Sources] http://sourceforge.jp/forum/forum.php?forum_id=28119

Scores

EPSS 0.0025

EPSS Percentile 48.5%

Classification

CWE

CWE-79

Status published

Affected Products (11)

oscommerce/online_merchant < 2.3.0

oscommerce/online_merchant

oscommerce/oscommerce

n/a/n/a

Timeline

Published Jan 26, 2012

Tracked Since Feb 18, 2026