|
Description
|
|
Chris Wood has discovered a vulnerability in osCommerce, which can be exploited by malicious people to conduct script insertion attacks.
Input passed via the "products_id" GET parameter to product_info.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site if malicious data is viewed.
The vulnerability is confirmed in version 2.3.3. Prior versions may also be affected.
|
