Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote malicious users to inject arbitrary web script or HTML via the value_title parameter, as demonstrated using the "Front" field in the shirt module.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oscommerce online merchant 3.0.2 |