Unrated severityNVD Advisory· Published Feb 14, 2012· Updated Jun 16, 2026
CVE-2012-1059
CVE-2012-1059
Description
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, as demonstrated using the "Front" field in the shirt module.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:oscommerce:online_merchant:3.0.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oscommerce:online_merchant:3.0.2:*:*:*:*:*:*:*
- (no CPE)range: = 3.0.2
- Range: = 3.0.2
Patches
Vulnerability mechanics
References
6- packetstormsecurity.org/files/109389/VL-407.txtnvdExploit
- www.exploit-db.com/exploits/18455nvdExploit
- www.securityfocus.com/bid/51831nvd
- www.vulnerability-lab.com/get_content.phpnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/72916nvd
- github.com/osCommerce/oscommerce/commit/a5aeb0448cc333cc4b801c0e01981b218fd9c7dfnvd
News mentions
0No linked articles in our index yet.