Description

Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php.

Remediation

References

CVE-2005-1951

Related Vulnerabilities

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-3156)

Oracle JRE CVE-2023-22025 Vulnerability (CVE-2023-22025)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Cross-Site Scripting (3.7.0.0)

PHP Other Vulnerability (CVE-2007-1710)

WordPress Plugin Stars Menu Cross-Site Scripting (1.0.1)

Severity

Medium

Classification

CVE-2005-1951

Tags

Missing Update Known Vulnerabilities