Vulnerability Details CVE-2003-1219
Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.0%
CVSS Severity
CVSS v2 Score 4.3
References
- http://osdir.com/ml/web.oscommerce.cvs/2003-12/msg00024.html
- http://www.oscommerce.com/community/bugs%2C1546
- http://www.securityfocus.com/archive/1/347831
- http://www.securityfocus.com/bid/9238
- http://osdir.com/ml/web.oscommerce.cvs/2003-12/msg00024.html
- http://www.oscommerce.com/community/bugs%2C1546
- http://www.securityfocus.com/archive/1/347831
- http://www.securityfocus.com/bid/9238
Products affected by CVE-2003-1219
-
cpe:2.3:a:oscommerce:oscommerce:-
-
cpe:2.3:a:oscommerce:oscommerce:1.0.0.0
-
cpe:2.3:a:oscommerce:oscommerce:1.0.1.0
-
cpe:2.3:a:oscommerce:oscommerce:1.0.2.0
-
cpe:2.3:a:oscommerce:oscommerce:1.0.3.0
-
cpe:2.3:a:oscommerce:oscommerce:1.0.4.0
-
cpe:2.3:a:oscommerce:oscommerce:1.0.5.0
-
cpe:2.3:a:oscommerce:oscommerce:1.0.6.0
-
cpe:2.3:a:oscommerce:oscommerce:1.0.7.0
-
cpe:2.3:a:oscommerce:oscommerce:1.0.7.1
-
cpe:2.3:a:oscommerce:oscommerce:1.0.7.2
-
cpe:2.3:a:oscommerce:oscommerce:1.0.7.3
-
cpe:2.3:a:oscommerce:oscommerce:1.0.7.4
-
cpe:2.3:a:oscommerce:oscommerce:1.0.7.5
-
cpe:2.3:a:oscommerce:oscommerce:1.0.7.6
-
cpe:2.3:a:oscommerce:oscommerce:1.0.7.7
-
cpe:2.3:a:oscommerce:oscommerce:1.0.7.8
-
cpe:2.3:a:oscommerce:oscommerce:1.0.7.9
-
cpe:2.3:a:oscommerce:oscommerce:1.1
-
cpe:2.3:a:oscommerce:oscommerce:1.11
-
cpe:2.3:a:oscommerce:oscommerce:1.12
-
cpe:2.3:a:oscommerce:oscommerce:1.13
-
cpe:2.3:a:oscommerce:oscommerce:1.5.1
-
cpe:2.3:a:oscommerce:oscommerce:2.1
-
cpe:2.3:a:oscommerce:oscommerce:2.2
-
cpe:2.3:a:oscommerce:oscommerce:2.2_cvs
-
cpe:2.3:a:oscommerce:oscommerce:2.2_ms1
-
cpe:2.3:a:oscommerce:oscommerce:2.2_ms2