VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 20, 2012· Updated Apr 29, 2026

CVE-2012-4236

CVE-2012-4236

Description

Cross-site scripting (XSS) vulnerability in the refresh_page function in application/modules/_main/views/_top.php in Total Shop UK eCommerce Open Source before 2.1.2_p1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Affected products

30
  • Totalshopuk/Ecommerce30 versions
    cpe:2.3:a:totalshopuk:ecommerce:*:*:*:*:*:*:*:*+ 29 more
    • cpe:2.3:a:totalshopuk:ecommerce:*:*:*:*:*:*:*:*range: <=2.1.2
    • cpe:2.3:a:totalshopuk:ecommerce:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:1.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:totalshopuk:ecommerce:2.1.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.