OSCommerce Multiple Input Validation Vulnerabilities

osCommerce is prone to multiple input-validation vulnerabilities, including a directory-traversal issue and multiple cross-site scripting issues.

An attacker can exploit these issues to view sensitive information and to steal cookie-based authentication credentials. Other attacks are also possible.

Version 3.0a3 is vulnerable to this issue; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus