CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-1792

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, which is not properly handled in an error message. NOTE: this might not be a vulnerability, since the ability to access oscommerce/index.php during installation may already imply administrator privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.4%

CVSS Severity

CVSS v2 Score 2.6

References

Products affected by CVE-2012-1792

Oscommerce » Online Merchant » Version: 2.2

cpe:2.3:a:oscommerce:online_merchant:2.2
Oscommerce » Online Merchant » Version: 2.3

cpe:2.3:a:oscommerce:online_merchant:2.3
Oscommerce » Online Merchant » Version: 2.3.0

cpe:2.3:a:oscommerce:online_merchant:2.3.0
Oscommerce » Online Merchant » Version: 2.3.1

cpe:2.3:a:oscommerce:online_merchant:2.3.1
Oscommerce » Online Merchant » Version: 2.3.2

cpe:2.3:a:oscommerce:online_merchant:2.3.2
Oscommerce » Online Merchant » Version: 2.3.3

cpe:2.3:a:oscommerce:online_merchant:2.3.3
Oscommerce » Online Merchant » Version: 2.3.3.1

cpe:2.3:a:oscommerce:online_merchant:2.3.3.1
Oscommerce » Online Merchant » Version: 2.3.3.2

cpe:2.3:a:oscommerce:online_merchant:2.3.3.2
Oscommerce » Online Merchant » Version: 2.3.3.3

cpe:2.3:a:oscommerce:online_merchant:2.3.3.3
Oscommerce » Online Merchant » Version: 2.3.3.4

cpe:2.3:a:oscommerce:online_merchant:2.3.3.4
Oscommerce » Online Merchant » Version: 2.3.4

cpe:2.3:a:oscommerce:online_merchant:2.3.4
Oscommerce » Online Merchant » Version: 2.3.4.1

cpe:2.3:a:oscommerce:online_merchant:2.3.4.1
Oscommerce » Online Merchant » Version: 2.4.0

cpe:2.3:a:oscommerce:online_merchant:2.4.0
Oscommerce » Online Merchant » Version: 2.4.1

cpe:2.3:a:oscommerce:online_merchant:2.4.1
Oscommerce » Online Merchant » Version: 2.4.2

cpe:2.3:a:oscommerce:online_merchant:2.4.2
Oscommerce » Online Merchant » Version: 3.0

cpe:2.3:a:oscommerce:online_merchant:3.0
Oscommerce » Online Merchant » Version: 3.0.1

cpe:2.3:a:oscommerce:online_merchant:3.0.1
Oscommerce » Online Merchant » Version: 3.0.2

cpe:2.3:a:oscommerce:online_merchant:3.0.2
Oscommerce » Online Merchant » Version: 4.0

cpe:2.3:a:oscommerce:online_merchant:4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-1792

Products

Pricing

Contact Us