CVE-2012-4236
Total Shop UK eCommerce < 2.1.2_p1 - Cross-Site Scripting via PATH_INFO
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-4236. PoCs published by Chris Cooper.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Total Shop UK eCommerce CodeIgniter, with an example request demonstrating how arbitrary script code can be executed in the context of the affected site. The vulnerability arises from improper sanitization of user-supplied input.
Description
Cross-site scripting (XSS) vulnerability in the refresh_page function in application/modules/_main/views/_top.php in Total Shop UK eCommerce Open Source before 2.1.2_p1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Exploits (1)
The provided text describes a cross-site scripting (XSS) vulnerability in Total Shop UK eCommerce CodeIgniter, with an example request demonstrating how arbitrary script code can be executed in the context of the affected site. The vulnerability arises from improper sanitization of user-supplied input.