Description

Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid parameter.

Remediation

References

CVE-2003-1219

Related Vulnerabilities

Oracle JRE CVE-2017-10388 Vulnerability (CVE-2017-10388)

Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2019-3823)

WordPress Plugin BackupBuddy Information Disclosure (2.2.28)

WordPress Plugin WP eCommerce Multiple Unspecified Vulnerabilities (3.9.3)

WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10100)

Severity

Medium

Classification

CVE-2003-1219

Tags

Missing Update Known Vulnerabilities