CVE-2005-0458

Name of the Vulnerable Software and Affected Versions osCommerce versions 2.2-MS2

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the enquiry parameter in the contact us.php file.

Recommendations For osCommerce versions 2.2-MS2, as a temporary workaround, consider validating and sanitizing user input for the enquiry parameter to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.