Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-1059. PoCs published by Vulnerability-Lab.
AI-analyzed exploit summary: The document describes a persistent Cross-Site Scripting (XSS) vulnerability in OSCommerce v3.0.2, specifically in the 'index.php?Cart' module. The PoC demonstrates how an attacker can inject malicious script code via the 'front' field of the shirt module, leading to potential session hijacking.
Description
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, as demonstrated using the "Front" field in the shirt module.