2 matches found
CVE-2024-4348 osCommerce all-products cross site scripting
A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to t...
osCommerce 4 Cross Site Scripting
Exploit Title: osCommerce 4 - Reflected XSS Exploit Author: skalvin Date: 22/04/2024 Vendor: osCommerce ltd. Vendor Homepage: https://www.oscommerce.com/ Software Link: https://demo.oscommerce.com/ Demo Link: https://demo.oscommerce.com/furniture/ Tested on: Windows 11 Pro Impact: Manipulate the...