CVE-2012-4236

Totalshopuk Ecommerce < 2.1.2 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the refresh_page function in application/modules/_main/views/_top.php in Total Shop UK eCommerce Open Source before 2.1.2_p1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Chris Cooper · textwebappsphp

https://www.exploit-db.com/exploits/37632

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/50238

[Exploit] http://www.reactionpenetrationtesting.co.uk/totalshop-uk-generic-xss.html

[Exploit] http://www.securityfocus.com/bid/54985

[Mailing List] http://www.openwall.com/lists/oss-security/2012/08/13/7

Scores

EPSS 0.0572

EPSS Percentile 90.3%

Classification

CWE

CWE-79

Status published

Affected Products (31)

totalshopuk/ecommerce < 2.1.2

totalshopuk/ecommerce

totalshopuk/ecommerce

totalshopuk/ecommerce

totalshopuk/ecommerce

totalshopuk/ecommerce

totalshopuk/ecommerce

totalshopuk/ecommerce

totalshopuk/ecommerce

totalshopuk/ecommerce

totalshopuk/ecommerce

totalshopuk/ecommerce

totalshopuk/ecommerce

totalshopuk/ecommerce

totalshopuk/ecommerce

... and 16 more

Timeline

Published Aug 20, 2012

Tracked Since Feb 18, 2026