VYPR
Unrated severityNVD Advisory· Published May 27, 2012· Updated Jun 16, 2026

CVE-2012-1792

CVE-2012-1792

Description

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, which is not properly handled in an error message. NOTE: this might not be a vulnerability, since the ability to access oscommerce/index.php during installation may already imply administrator privileges.

Affected products

5
  • cpe:2.3:a:oscommerce:online_merchant:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:oscommerce:online_merchant:*:*:*:*:*:*:*:*
    • cpe:2.3:a:oscommerce:online_merchant:2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oscommerce:online_merchant:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:oscommerce:online_merchant:2.3.1:*:*:*:*:*:*:*
    • (no CPE)range: = 3.0.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.