Description
Cross-site scripting (XSS) vulnerability in the refresh_page function in application/modules/_main/views/_top.php in Total Shop UK eCommerce Open Source before 2.1.2_p1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Chris Cooper · text · webapps · php
https://www.exploit-db.com/exploits/37632
References (4)
Core References
Exploit (x_refsource_misc): http://www.reactionpenetrationtesting.co.uk/totalshop-uk-generic-xss.html
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2012/08/13/7
Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/54985
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/50238
Scores
EPSS: 0.0545
EPSS Percentile: 90.2%
Details
CWE: CWE-79
Status: published
Products (30)
totalshopuk/ecommerce 1.0
totalshopuk/ecommerce 1.1
totalshopuk/ecommerce 1.2
totalshopuk/ecommerce 1.3
totalshopuk/ecommerce 1.3.1
totalshopuk/ecommerce 1.3.2
totalshopuk/ecommerce 1.3.3
totalshopuk/ecommerce 1.4.0
totalshopuk/ecommerce 1.4.1
totalshopuk/ecommerce 1.5.0
... and 20 more
Published: Aug 20, 2012
Tracked Since: Feb 18, 2026