EIP-2026-110360
PRE-CVE
osCommerce 2.1/2.2 - Info_Message Cross-Site Scripting
Title source: legacy
Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-110360. PoCs published by iProyectos group.
AI-analyzed exploit summary: The code describes a reflected XSS vulnerability in osCommerce due to insufficient filtering of URI parameters. The provided example demonstrates how an attacker can inject JavaScript code via the 'info_message' parameter, which executes in the context of the victim's browser.
Description
osCommerce 2.1/2.2 - Info_Message Cross-Site Scripting
Exploits (1)
The code describes a reflected XSS vulnerability in osCommerce due to insufficient filtering of URI parameters. The provided example demonstrates how an attacker can inject JavaScript code via the 'info_message' parameter, which executes in the context of the victim's browser.