VYPR
← All advisories
Unrated severityNVD Advisory· Published May 27, 2012· Updated Apr 29, 2026

CVE-2012-2935

CVE-2012-2935

Description

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-2012-1059.

Affected products

4
  • OsCommerce/Online Merchant4 versions
    cpe:2.3:a:oscommerce:online_merchant:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:oscommerce:online_merchant:*:*:*:*:*:*:*:*
    • cpe:2.3:a:oscommerce:online_merchant:2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oscommerce:online_merchant:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:oscommerce:online_merchant:2.3.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.