Unrated severityNVD Advisory· Published May 27, 2012· Updated Jun 16, 2026
CVE-2012-2935
CVE-2012-2935
Description
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-2012-1059.
Affected products
5cpe:2.3:a:oscommerce:online_merchant:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:oscommerce:online_merchant:*:*:*:*:*:*:*:*
- cpe:2.3:a:oscommerce:online_merchant:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:oscommerce:online_merchant:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oscommerce:online_merchant:2.3.1:*:*:*:*:*:*:*
- (no CPE)range: =3.0.2
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.