Vulnerability Details CVE-2012-4236
Cross-site scripting (XSS) vulnerability in the refresh_page function in application/modules/_main/views/_top.php in Total Shop UK eCommerce Open Source before 2.1.2_p1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.027
EPSS Ranking 85.1%
CVSS Severity
CVSS v2 Score 4.3
References
- http://secunia.com/advisories/50238
- http://www.openwall.com/lists/oss-security/2012/08/13/7
- http://www.reactionpenetrationtesting.co.uk/totalshop-uk-generic-xss.html
- http://www.securityfocus.com/bid/54985
- http://secunia.com/advisories/50238
- http://www.openwall.com/lists/oss-security/2012/08/13/7
- http://www.reactionpenetrationtesting.co.uk/totalshop-uk-generic-xss.html
- http://www.securityfocus.com/bid/54985
Products affected by CVE-2012-4236
-
cpe:2.3:a:totalshopuk:ecommerce:1.0
-
cpe:2.3:a:totalshopuk:ecommerce:1.1
-
cpe:2.3:a:totalshopuk:ecommerce:1.2
-
cpe:2.3:a:totalshopuk:ecommerce:1.3
-
cpe:2.3:a:totalshopuk:ecommerce:1.3.1
-
cpe:2.3:a:totalshopuk:ecommerce:1.3.2
-
cpe:2.3:a:totalshopuk:ecommerce:1.3.3
-
cpe:2.3:a:totalshopuk:ecommerce:1.4.0
-
cpe:2.3:a:totalshopuk:ecommerce:1.4.1
-
cpe:2.3:a:totalshopuk:ecommerce:1.5.0
-
cpe:2.3:a:totalshopuk:ecommerce:1.5.0.1
-
cpe:2.3:a:totalshopuk:ecommerce:1.5.1
-
cpe:2.3:a:totalshopuk:ecommerce:1.5.2
-
cpe:2.3:a:totalshopuk:ecommerce:1.5.3
-
cpe:2.3:a:totalshopuk:ecommerce:1.5.4
-
cpe:2.3:a:totalshopuk:ecommerce:1.6.0
-
cpe:2.3:a:totalshopuk:ecommerce:1.6.1
-
cpe:2.3:a:totalshopuk:ecommerce:1.6.2
-
cpe:2.3:a:totalshopuk:ecommerce:1.6.3
-
cpe:2.3:a:totalshopuk:ecommerce:1.7
-
cpe:2.3:a:totalshopuk:ecommerce:1.7.0
-
cpe:2.3:a:totalshopuk:ecommerce:1.7.1
-
cpe:2.3:a:totalshopuk:ecommerce:1.7.2
-
cpe:2.3:a:totalshopuk:ecommerce:2.0.0
-
cpe:2.3:a:totalshopuk:ecommerce:2.0.1
-
cpe:2.3:a:totalshopuk:ecommerce:2.0.2
-
cpe:2.3:a:totalshopuk:ecommerce:2.0.3
-
cpe:2.3:a:totalshopuk:ecommerce:2.1.0
-
cpe:2.3:a:totalshopuk:ecommerce:2.1.1
-
cpe:2.3:a:totalshopuk:ecommerce:2.1.2