CVE-2012-5226

Name of the Vulnerable Software and Affected Versions Peel SHOPPING versions 2.8 through 2.9

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the motclef parameter to "achat/recherche.php" or the PATH INFO to "index.php".

Recommendations For versions 2.8 and 2.9, avoid using the motclef parameter in the "achat/recherche.php" endpoint and restrict access to the PATH INFO in "index.php" until a fix is available.