2 matches found
CVE-2018-18966
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer render HTML elements in a .eml file...
CVE-2018-18966
CVE-2018-18966 affects osCommerce 2.3.4.1. The issue is an incomplete .htaccess blacklist in catalog/images/ that bans the html extension, while Internet Explorer can render HTML elements in a .eml file. This can enable HTML content handling despite the filter. CVSS2 v2.0 base 4.0 (Medium) and CV...